Windows Analysis Report
Grid 3.exe

Overview

General Information

Sample Name: Grid 3.exe
Analysis ID: 1319994
MD5: 06844e65a7a827a949c5e6a236a6c8de
SHA1: d477de3fe8e271afbb8be7fd22bc2cbb54c6e6cd
SHA256: dc7900304965f4d32aed8b701a884ff2549e40d7d869f4de3900c71f872be353

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Creates an autostart registry key pointing to binary in C:\Windows
Yara detected Generic Downloader
Uses 32bit PE files
Found inlined nop instructions (likely shell or obfuscated code)
Queries the volume information (name, serial number etc) of a device
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Allocates memory with a write watch (potentially for evading sandboxes)
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Creates a process in suspended mode (likely to inject code)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64_ra
  • Grid 3.exe (PID: 5628 cmdline: C:\Users\user\Desktop\Grid 3.exe MD5: 06844E65A7A827A949C5E6A236A6C8DE)
    • ssUpdate.exe (PID: 2100 cmdline: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe" DeploymentMode="Install" InstallationId="Grid 3 MD5: 2BDEC611319F5BB269337BCBFF6346DE)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
1.2.ssUpdate.exe.18d20db0000.2.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
      No Sigma rule has matched
      No Snort rule has matched

      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: edputil.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: PROPSYS.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: FLTLIB.DLL
      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: iertutil.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: urlmon.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; DLL: CLDAPI.dll
      Source: Grid 3.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: Grid 3.exe; Static PE information: certificate valid
      Source: Grid 3.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\Grid 3.exe; Code function: 4x nop then cmp edx, esi (0_2_03550F90)
      Source: C:\Users\user\Desktop\Grid 3.exe; Code function: 4x nop then cmp edx, esi (0_2_03550FA0)
      Source: C:\Users\user\Desktop\Grid 3.exe; Code function: 4x nop then xor esi, esi (0_2_03550A69)
      Source: C:\Users\user\Desktop\Grid 3.exe; Code function: 4x nop then les esp, ecx (0_2_03550AFD)

      Networking

      Source: Yara match; File source: 1.2.ssUpdate.exe.18d20db0000.2.unpack, type: UNPACKEDPE
      Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll, type: DROPPED
      Source: Grid 3.exe, 00000000.00000000.1217710822.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSensorySoftware.Deployment.Bootstrapper.dllp( vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000003.1231664792.0000000008D33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSensorySoftware.Shared.dllN vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000003.1221401924.0000000008D12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameControlzEx.dll6 vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000003.1226628736.0000000008D11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMono.Security.dll$ vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000003.1224246317.0000000008D11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMahApps.Metro.dll< vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000002.1257366522.0000000008E20000.00000002.00000001.00040000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.Registry.dll@ vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000002.1261875980.000000000B065000.00000002.00000001.00040000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.ComponentModel.TypeConverter.dll@ vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000003.1232568415.0000000008D54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamessUpdate.exeV vs Grid 3.exe
      Source: Grid 3.exe, 00000000.00000002.1252662726.000000000897C000.00000002.00000001.00040000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenamemscordaccore.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSensorySoftware.Deployment.Bootstrapper.dllp( vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSensorySoftware.Deployment.BootstrapperLib.dllv+ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameNDP452-KB2901954-Web.exe^ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameBoxStub.exeT vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameMicrosoft.Win32.Registry.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Collections.Concurrent.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Collections.Immutable.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Collections.NonGeneric.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.ComponentModel.Primitives.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.ComponentModel.TypeConverter.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Diagnostics.StackTrace.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.IO.Compression.ZipFile.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.IO.MemoryMappedFiles.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Linq.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.ObjectModel.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Private.CoreLib.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.Reflection.Metadata.dll@ vs Grid 3.exe
      Source: Grid 3.exeBinary or memory string: OriginalFilenameSystem.dll@ vs Grid 3.exe
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_03555A600_2_03555A60
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_03550AFD0_2_03550AFD
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF72566F31_2_00007FFBF72566F3
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF725A5B81_2_00007FFBF725A5B8
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF7262BF51_2_00007FFBF7262BF5
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF72614961_2_00007FFBF7261496
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF72530A81_2_00007FFBF72530A8
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF725BF431_2_00007FFBF725BF43
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF725D60D1_2_00007FFBF725D60D
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF7255E801_2_00007FFBF7255E80
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF725A66D1_2_00007FFBF725A66D
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeCode function: 1_2_00007FFBF725C2701_2_00007FFBF725C270
      Source: Grid 3.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
      Source: C:\Users\user\Desktop\Grid 3.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
      Source: unknownProcess created: C:\Users\user\Desktop\Grid 3.exe C:\Users\user\Desktop\Grid 3.exe
      Source: C:\Users\user\Desktop\Grid 3.exeProcess created: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe" DeploymentMode="Install" InstallationId="Grid 3
      Source: C:\Users\user\Desktop\Grid 3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\SensorySoftware.Deployment.Client
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeFile created: C:\Users\Public\Documents\Sensory Software
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update
      Source: Grid 3.exeString found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
      Source: Grid 3.exeString found in binary or memory: Morph - Structs/AddrExp
      Source: Grid 3.exeString found in binary or memory: prejitNYI: patchpoint info generationlooptail.call and not BBINSTRImportationPre-importExpand patchpointsIndirect call transformProfile instrumentation prepPost-importProfile incorporationProfile instrumentationMorph - InliningMorph - InitAllocate ObjectsMorph - Add internal blocksRemove empty finallyRemove empty tryClone finallyMerge callfinally chainsCompute predsUpdate finally target flagsMorph - Structs/AddrExpUpdate flow graph early passMorph - ByRefsForward SubstitutionMorph - GlobalMorph - Promote StructsGS CookieMorph - FinishMerge throw blocksCompute edge weights (1, false)Optimize control flowInvert loopsCompute blocks reachabilityOptimize layoutRedundant zero InitsSet block weightsClone loopsFind loopsClear loop infoUnroll loopsHoist loop codeMorph array opsOpt add copiesMark local varsFind oper orderOptimize boolsBuild SSA representationSet block orderSSA: Doms1SSA: topological sortSSA: DFSSA: livenessSSA: renameSSA: insert phisDo value numberingEarly Value PropagationOptimize Valnum CSEsOptimize index checksRedundant branch optsVN based copy propUpdate flow graph opt passAssertion propInsert GC PollsCompute edge weights (2, false)Rationalize IRDetermine first cold blockLocal var livenessDo 'simple' loweringPer block local var livenessLocal var liveness initLowering decompositionGlobal local var livenessCalculate stack level slotsLowering nodeinfoLSRA build intervalsLinear scan register allocLSRA resolveLSRA allocateGenerate codePlace 'align' instructionsEmit GC+EH tablesEmit codePost-EmitProcessor does not have a high-frequency timer.
      Source: Grid 3.exeString found in binary or memory: VirtualAlloc2MapViewOfFile3kernelbase.dllstring too longbad array new lengthApplication root path is empty. This shouldn't happenUsing internal fxrUsing internal hostpolicyPath containing probing policy and assemblies to probe for.--depsfile--additionalprobingpath<path>Path to <application>.runtimeconfig.json file.--fx-versionPath to <application>.deps.json file.--runtimeconfig--roll-forward<value><version>Version of the installed Shared Framework to use to run the application.Path to additional deps.json file.--roll-forward-on-no-candidate-fxRoll forward to framework version (LatestPatch, Minor, LatestMinor, Major, LatestMajor, Disable)--additional-depssdkParsed known arg %s = %s<n><obsolete>Using the provided arguments to determine the application to execute.Application '%s' is not a managed executable.Failed to parse supported options or their values: %s %-*s %sThe application to execute does not exist: '%s'--- Executing in split/FX mode...Application '%s' does not exist.dotnet exec needs a managed .dll or .exe extension. The application specified was '%s'execstatic--- Executing in a native executable mode...--- Executing in muxer mode... No SDKs were found.
      Source: Grid 3.exeString found in binary or memory: https://aka.ms/dotnet/download --list-runtimes Display the installed runtimes --list-sdks Display the installed SDKs The path to an application .dll file to execute.host-options: --info Display .NET information.vector too longCommon Options: -h|--help Displays this help.invalid hash bucket countinvalid string positionunordered_map/set too longA fatal error occurred while processing application bundleInvalid startup info: host_path, dotnet_root, and app_path should not be null.--- Invoked %s [commit hash: %s]hostfxr_main_bundle_startupinfohostfxr_main_startupinfoget-native-search-directoriesHosting components are already initialized. Re-initialization to execute an app is not allowed..json|arch|\|tfm||arch|/|tfm|.dev.jsonRuntime config is cfg=%s dev=%sThe specified runtimeconfig.json [%s] does not existApp runtimeconfig.json from [%s]Ignoring host interpreted additional probing path %s as it does not exist.Ignoring additional probing path %s as it does not exist..deps.jsonDetecting mode... CoreCLR present in dotnet root [%s] and checking if [%s] file present=[%d]Specified runtimeconfig.json from [%s]Invalid runtimeconfig.json [%s] [%s]Invalid value for command line argument '%s'It's invalid to use both '%s' and '%s' command line options..runtimeconfig.jsonThe specified deps.json [%s] does not existframework-dependentself-containedDOTNET_ADDITIONAL_DEPSHOSTFXR_PATHExecuting as a %s app as per config file [%s]Using dotnet root path [%s]--list-sdks--help-?--list-runtimes-hThe command could not be loaded, possibly because:
      Source: Grid 3.exeString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
      Source: Grid 3.exeString found in binary or memory: -Start Disk Number cannot be held in an Int64.
      Source: classification engineClassification label: sus36.troj.winEXE@3/28@0/0
      Source: C:\Users\user\Desktop\Grid 3.exeFile read: C:\Users\user\Desktop\desktop.ini
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
      Source: Grid 3.exeStatic file information: File size 18771680 > 1048576
      Source: Grid 3.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: Grid 3.exeStatic PE information: certificate valid
      Source: Grid 3.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x534000
      Source: Grid 3.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x13ee00
      Source: Grid 3.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x13ca00
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: Grid 3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: Grid 3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256c3!l"q source: Grid 3.exe, 00000000.00000003.1227340465.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.dr
      Source: Binary string: ]C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: >C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: C:\Dev\repos\_Products\_Net\SensorySoftware\_Tools\Publisher\win7-x64\Config\SensorySoftware.Deployment.Bootstrapper\obj\x86\Release\net7.0-windows\win7-x86\linked\SensorySoftware.Deployment.BootstrapperLib.pdb source: Grid 3.exe
      Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.pdb source: Grid 3.exe, 00000000.00000002.1255488029.0000000008D10000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: "SensorySoftware.Shared.Desktop.pdb source: Grid 3.exe
      Source: Binary string: SensorySoftware.Shared.pdb source: Grid 3.exe
      Source: Binary string: D:\TeamCity\buildAgent\work\69f8f1b8a66fb95f\Publisher\Source\SensorySoftware.Deployment.Client\obj\Release\ssUpdate.pdb source: ssUpdate.exe, 00000001.00000000.1243183202.0000018D209B2000.00000002.00000001.01000000.00000005.sdmp, ssUpdate.exe.0.dr
      Source: Binary string: C:\Dev\repos\_Products\_Net\SensorySoftware\_Tools\Publisher\win7-x64\Config\SensorySoftware.Deployment.Bootstrapper\obj\x86\Release\net7.0-windows\win7-x86\linked\SensorySoftware.Deployment.Bootstrapper.pdbSHA256 source: Grid 3.exe
      Source: Binary string: C:\Users\martinjo\dev\gcode\stateless\Stateless\obj\Release\Stateless.pdb@ source: Stateless.dll.0.dr
      Source: Binary string: SC:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: MahApps.Metro.pdb source: Grid 3.exe
      Source: Binary string: C:\Dev\repos\_Products\_Net\SensorySoftware\_Tools\Publisher\win7-x64\Config\SensorySoftware.Deployment.Bootstrapper\obj\x86\Release\net7.0-windows\win7-x86\linked\SensorySoftware.Deployment.Bootstrapper.pdb source: Grid 3.exe
      Source: Binary string: KC:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: MahApps.Metro.pdbPK source: Grid 3.exe
      Source: Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: Grid 3.exe, 00000000.00000003.1223397150.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, Ionic.Zip.Reduced.dll.0.dr
      Source: Binary string: 3SensorySoftware.Deployment.Client.Model.Desktop.pdb source: Grid 3.exe
      Source: Binary string: R)SensorySoftware.Shared.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: &SensorySoftware.Deployment.Client.Model.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: SensorySoftware.Shared.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: ControlzEx.pdbPK source: Grid 3.exe
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\dlls\mscordac\mscordaccore.pdb source: Grid 3.exe
      Source: Binary string: [a#Newtonsoft.Json.pdbPK source: Grid 3.exe
      Source: Binary string: ControlzEx.pdb source: Grid 3.exe
      Source: Binary string: ,SensorySoftware.Deployment.Model.Desktop.pdb source: Grid 3.exe
      Source: Binary string: D:\TeamCity\buildAgent\work\69f8f1b8a66fb95f\Publisher\Source\SensorySoftware.Deployment.Model.Desktop\obj\Release\SensorySoftware.Deployment.Model.Desktop.pdbt source: Grid 3.exe, 00000000.00000003.1230116087.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1913591550.0000018D3AFF2000.00000002.00000001.01000000.00000011.sdmp, SensorySoftware.Deployment.Model.Desktop.dll.0.dr
      Source: Binary string: C:\projects\mahapps-metro\src\MahApps.Metro\obj\Release\net45\MahApps.Metro.pdb source: Grid 3.exe, 00000000.00000003.1224246317.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, MahApps.Metro.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\Corehost.Static\singlefilehost.pdb source: Grid 3.exe
      Source: Binary string: D:\TeamCity\buildAgent\work\69f8f1b8a66fb95f\Publisher\Source\SensorySoftware.Deployment.Client.Model.Desktop\obj\Release\SensorySoftware.Deployment.Client.Model.Desktop.pdb source: Grid 3.exe, 00000000.00000003.1228825610.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1905586055.0000018D20DB2000.00000002.00000001.01000000.0000000F.sdmp, SensorySoftware.Deployment.Client.Model.Desktop.dll.0.dr
      Source: Binary string: BC:\Users\user\AppData\Local\Temp\Smartbox Update\MahApps.Metro.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: Newtonsoft.Json.pdb source: Grid 3.exe
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Grid 3.exe, 00000000.00000003.1227340465.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.dr
      Source: Binary string: D:\TeamCity\buildAgent\work\7e895a6723bc2a7e\Source\SensorySoftware.Shared\obj\Release\SensorySoftware.Shared.pdb source: Grid 3.exe, 00000000.00000003.1231664792.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1904939580.0000018D20D82000.00000002.00000001.01000000.0000000E.sdmp, SensorySoftware.Shared.dll.0.dr
      Source: Binary string: +SensorySoftware.Shared.pdbPK source: Grid 3.exe
      Source: Binary string: C:\projects\controlzex\src\ControlzEx\obj\Release\NET45\ControlzEx.pdbL source: Grid 3.exe, 00000000.00000003.1221401924.0000000008D25000.00000004.00000020.00020000.00000000.sdmp, Grid 3.exe, 00000000.00000003.1221401924.0000000008D12000.00000004.00000020.00020000.00000000.sdmp, ControlzEx.dll.0.dr
      Source: Binary string: D:\TeamCity\buildAgent\work\7e895a6723bc2a7e\Source\SensorySoftware.Shared.Desktop\obj\Release\SensorySoftware.Shared.Desktop.pdb source: ssUpdate.exe, 00000001.00000002.1906020496.0000018D20DE2000.00000002.00000001.01000000.00000010.sdmp, SensorySoftware.Shared.Desktop.dll.0.dr
      Source: Binary string: /ssUpdate.pdbPK source: Grid 3.exe
      Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.pdb source: Grid 3.exe, 00000000.00000002.1245556880.000000000309A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: SensorySoftware.Deployment.Model.Desktop.pdb source: Grid 3.exe
      Source: Binary string: D:\TeamCity\buildAgent\work\69f8f1b8a66fb95f\Publisher\Source\SensorySoftware.Deployment.Model.Desktop\obj\Release\SensorySoftware.Deployment.Model.Desktop.pdb source: Grid 3.exe, 00000000.00000003.1230116087.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1913591550.0000018D3AFF2000.00000002.00000001.01000000.00000011.sdmp, SensorySoftware.Deployment.Model.Desktop.dll.0.dr
      Source: Binary string: *0Stateless.pdbPK source: Grid 3.exe
      Source: Binary string: C:\projects\controlzex\src\ControlzEx\obj\Release\NET45\ControlzEx.pdb source: Grid 3.exe, 00000000.00000003.1221401924.0000000008D25000.00000004.00000020.00020000.00000000.sdmp, Grid 3.exe, 00000000.00000003.1221401924.0000000008D12000.00000004.00000020.00020000.00000000.sdmp, ControlzEx.dll.0.dr
      Source: Binary string: ssUpdate.pdbPK source: Grid 3.exe
      Source: Binary string: SensorySoftware.Deployment.Client.Model.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.pdb source: Grid 3.exe, 00000000.00000002.1255488029.0000000008D10000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: DC:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: dC:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: SensorySoftware.Deployment.Client.Model.Desktop.pdb source: Grid 3.exe
      Source: Binary string: SensorySoftware.Shared.Desktop.pdb source: Grid 3.exe
      Source: Binary string: Newtonsoft.Json.pdbPK source: Grid 3.exe
      Source: Binary string: Stateless.pdbPK source: Grid 3.exe
      Source: Binary string: C:\Users\martinjo\dev\gcode\stateless\Stateless\obj\Release\Stateless.pdb source: Stateless.dll.0.dr
      Source: Binary string: ssUpdate.pdb source: Grid 3.exe
      Source: Binary string: Stateless.pdb source: Grid 3.exe
      Source: Binary string: ?C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: 'SensorySoftware.Deployment.Model.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: =C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.pdb source: Grid 3.exe, 00000000.00000002.1247790286.0000000005041000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: Grid 3.exe, 00000000.00000002.1247943047.0000000006041000.00000004.00001000.00020000.00000000.sdmp, System.Windows.Interactivity.dll.0.dr
      Source: Binary string: D:\TeamCity\buildAgent\work\7e895a6723bc2a7e\Source\SensorySoftware.Shared\obj\Release\SensorySoftware.Shared.pdbx source: Grid 3.exe, 00000000.00000003.1231664792.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1904939580.0000018D20D82000.00000002.00000001.01000000.0000000E.sdmp, SensorySoftware.Shared.dll.0.dr
      Source: Binary string: E:\452RTMGDR\binaries\x86ret\bin\i386\VSSetup\Utils\boxstub.pdb source: Grid 3.exe, dotNet452_Web.exe.0.dr
      Source: Binary string: SensorySoftware.Deployment.Model.Desktop.pdbPK source: Grid 3.exe
      Source: Binary string: SensorySoftware.Shared.pdbPK source: Grid 3.exe
      Source: Grid 3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: Grid 3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: Grid 3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: Grid 3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: Grid 3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_089B2FED push ebx; ret 0_2_089B2FF6
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_089B4F1D push 0CF55E65h; iretd 0_2_089B4F27
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_089B3075 push eax; ret 0_2_089B3088
      Source: C:\Users\user\Desktop\Grid 3.exeCode function: 0_2_03551400 push FFFFFFC4h; retf 0008h0_2_03551402
      Source: Grid 3.exeStatic PE information: section name: .CLR_UEF
      Source: Grid 3.exeStatic PE information: section name: .didat
      Source: Grid 3.exeStatic PE information: section name: _RDATA
      Source: dotNet452_Web.exe.0.drStatic PE information: section name: .boxld01
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\MahApps.Metro.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\dotNet452_Web.exe
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\System.Windows.Interactivity.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\Ionic.Zip.Reduced.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\Mono.Security.dll
      Source: C:\Users\user\Desktop\Grid 3.exeFile created: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.dll

      Boot Survival

      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce SensoryInstaller
      Source: C:\Users\user\Desktop\Grid 3.exe; Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Grid 3.exe; Memory allocated: 400000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Grid 3.exe; Memory allocated: 5040000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Grid 3.exe; Memory allocated: 8040000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Grid 3.exe TID: 1632; Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\MahApps.Metro.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\dotNet452_Web.exe
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\System.Windows.Interactivity.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\Ionic.Zip.Reduced.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\Mono.Security.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.dll
      Source: C:\Users\user\Desktop\Grid 3.exe; Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\Grid 3.exe; Process token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Process token adjusted: Debug
      Source: C:\Users\user\Desktop\Grid 3.exe; Memory allocated: page read and write | page guard
      Source: C:\Users\user\Desktop\Grid 3.exe; Process created: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe" DeploymentMode="Install" InstallationId="Grid 3
      Source: Grid 3.exe, 00000000.00000003.1221401924.0000000008D25000.00000004.00000020.00020000.00000000.sdmp, Grid 3.exe, 00000000.00000003.1221401924.0000000008D12000.00000004.00000020.00020000.00000000.sdmp, ControlzEx.dll.0.dr; Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWndhwndIF29F85E0-4FF9-1068-AB91-08002B27B3D9
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Annotations\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Annotations.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe; Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe
      Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | 2 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Scheduled Task/Job | 1 DLL Search Order Hijacking | 11 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Search Order Hijacking | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 12 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Search Order Hijacking | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
      Behavior Graph (ID: 1319994; Sample: Grid 3.exe; Startdate: 05/10/2023; Architecture: WINDOWS; Score: 36)
      • Signature: Yara detected Generic Downloader
      • Process: Grid 3.exe started
      • Grid 3.exe dropped: C:\Users\user\AppData\Local\...\ssUpdate.exe, PE32
      • Grid 3.exe dropped: SensorySoftware.De...t.Model.Desktop.dll, PE32
      • Grid 3.exe dropped: C:\Users\user\AppData\...\dotNet452_Web.exe, PE32
      • Grid 3.exe dropped: 10 other files (none is malicious)
      • Process: ssUpdate.exe started by Grid 3.exe
      • Signature (ssUpdate.exe): Creates an autostart registry key pointing to binary in C:\Windows

      Source | Detection | Scanner | Label | Link
      Grid 3.exe | 5% | ReversingLabs | |
      Grid 3.exe | 3% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Ionic.Zip.Reduced.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Ionic.Zip.Reduced.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\MahApps.Metro.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\MahApps.Metro.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Mono.Security.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Mono.Security.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Model.Desktop.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.Desktop.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Shared.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\Stateless.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\System.Windows.Interactivity.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\System.Windows.Interactivity.dll | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\dotNet452_Web.exe | 3% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\dotNet452_Web.exe | 0% | Virustotal | | Browse
      C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe | 0% | Virustotal | | Browse
      No Antivirus matches
      No Antivirus matches
      No contacted domains info
                                          • Avira URL Cloud: safe
                                          low
                                          http://www.apache.org/licenses/LICENSE-2.0ssUpdate.exe, 00000001.00000002.1915968423.0000018D3C5D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://sectigo.com/CPS0Grid 3.exe, ssUpdate.exe.0.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://schemas.xmlsoap.org/soap/encoding/ssUpdate.exe, 00000001.00000002.1907010819.0000018D2284F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://raw.github.com/ControlzEx/ControlzEx/2a937e3e841cb0087cfdbb8f3b4caea7f781dd1b/%var2%Grid 3.exe, 00000000.00000003.1221901184.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, ControlzEx.pdb.0.drfalse
                                                high
                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#Grid 3.exe, ssUpdate.exe.0.drfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://aka.ms/dotnet-illink/comGrid 3.exefalse
                                                  high
                                                  https://github.com/ControlzEx/ControlzExControlzEx.dll.0.drfalse
                                                    high
                                                    https://aka.ms/dotnet/downloadInstallGrid 3.exefalse
                                                      high
                                                      http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.0.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.codeproject.com/KB/GDI-plus/IdealTextColor.aspxGrid 3.exe, 00000000.00000003.1226206635.0000000008D11000.00000004.00000020.00020000.00000000.sdmp, MahApps.Metro.xml.0.drfalse
                                                        high
                                                        http://www.carterandcone.comlssUpdate.exe, 00000001.00000002.1915968423.0000018D3C5D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tGrid 3.exe, 00000000.00000003.1232568415.0000000008D54000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe.0.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.founder.com.cn/cnssUpdate.exe, 00000001.00000002.1915968423.0000018D3C5D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://api-grids.sensorysoftware.com/pull/SensorySoftware.Deployment.Client.Model.Desktop.dll.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://raw.github.com/MahApps/MahApps.Metro/cb9264828def32d2c55ec32dc0426c8a72aa793d/%var2%MahApps.Metro.pdb.0.drfalse
                                                          high
                                                          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0yGrid 3.exe, ssUpdate.exe.0.drfalse
                                                          • 0%, Virustotal, Browse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Grid 3.exe, 00000000.00000003.1232568415.0000000008D54000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe.0.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://aka.ms/dotnet-core-applaunch?DOTNET_DISABLE_GUI_ERRORSYouGrid 3.exefalse
                                                            high
                                                            http://schemas.xmlsoap.org/wsdl/ssUpdate.exe, 00000001.00000002.1907010819.0000018D2284F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.jiyu-kobo.co.jp/ssUpdate.exe, 00000001.00000002.1915968423.0000018D3C5D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.xml.0.drfalse
                                                                high
                                                                http://www.thinksmartbox.comGrid 3.exe, 00000000.00000003.1228825610.0000000008D33000.00000004.00000020.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1905586055.0000018D20DB2000.00000002.00000001.01000000.0000000F.sdmp, SensorySoftware.Deployment.Client.Model.Desktop.dll.0.drfalse
                                                                • 0%, Virustotal, Browse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://aka.ms/GlobalizationInvariantModeGrid 3.exefalse
                                                                  high
                                                                  https://www.nuget.org/packages/Newtonsoft.Json.BsonNewtonsoft.Json.dll.0.drfalse
                                                                    high
                                                                    https://smartbox-inventory.s3.eu-west-1.amazonaws.com/ssUpdate.exe, 00000001.00000002.1907010819.0000018D2284F000.00000004.00000800.00020000.00000000.sdmp, ssUpdate.exe, 00000001.00000002.1905586055.0000018D20DB2000.00000002.00000001.01000000.0000000F.sdmp, ssUpdate.log.1.dr, SensorySoftware.Deployment.Client.Model.Desktop.dll.0.drfalse
                                                                      high
                                                                      https://aka.ms/dotnet-illink/nativehostGrid 3.exefalse
                                                                        high
                                                                        https://aka.ms/dotnet/downloadGrid 3.exefalse
                                                                          high
                                                                          No contacted IP infos
                                                                          Joe Sandbox Version:38.0.0 Ammolite
                                                                          Analysis ID:1319994
                                                                          Start date and time:2023-10-05 10:18:58 +02:00
                                                                          Joe Sandbox Product:CloudBasic
                                                                          Overall analysis duration:0h 7m 15s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                          Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
                                                                          Number of analysed new started processes analysed:14
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample file name:Grid 3.exe
                                                                          Detection:SUS
                                                                          Classification:sus36.troj.winEXE@3/28@0/0
                                                                          EGA Information:
                                                                          • Successful, ratio: 50%
                                                                          HCA Information:Failed
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Exclude process from analysis (whitelisted): RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, usocoreworker.exe, svchost.exe
                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                                          • Execution Graph export aborted for target ssUpdate.exe, PID 2100 because it is empty
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          No simulations
                                                                          No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\Smartbox Update\ControlzEx.dll | TrBKmxvLQV.exe | malicious |
C:\Users\user\AppData\Local\Temp\Smartbox Update\Ionic.Zip.Reduced.dll | setup.exe | malicious | Unknown
 | S4zkrYGHIa.exe | malicious | Njrat
 | S4zkrYGHIa.exe | malicious | Njrat
C:\Users\user\AppData\Local\Temp\Smartbox Update\Newtonsoft.Json.dll | PolyWorksReportLoop2022_IR6_Inspector.msi | malicious | Unknown
 | AugnitoSetupX64-5.1.0.0.exe | malicious | RedLine
 | BlueJeans.2.28.61m.msi | malicious | Unknown
 | SourceTreeSetup-3.4.6.exe | malicious | AgentTesla
 | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla
 | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla
 | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla
 | VoiceMan Reflex-Setup-V3.0.3.exe | malicious | Unknown
 | SetupInstallerS.exe | malicious | Unknown
 | setup.exe | malicious | Unknown
 | Setup.exe | malicious | Unknown
 | ProGetSetup5.3.6.exe | malicious | Unknown
 | Automate.msi | malicious |
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe
                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2251
                                                                                                            Entropy (8bit):5.170063072895009
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:pCF6+CFnDzFYCF3C+F3gKFY0vFj0FwVpFDToOfFSCFuaFnaFRFmFqLF0fF/FARF/:46+GlYG3t39Y0dj883NtSGuOOjyWwNAL
                                                                                                            MD5:0CEAE5FB338A48DC3AF3364A0ABC07AD
                                                                                                            SHA1:37180819F4EB37ABEF6C1A2456B9EBB37A5336BC
                                                                                                            SHA-256:146312E1C7B9803D6D634B8317763C11094430F9EB9808EF0F4786A79AD5E082
                                                                                                            SHA-512:F6AE92F9081AF143A5C59FFDA394976FAC7530BD79E54B3E6D9E1581340B2E838704F7B0ECDA65112730488CF6B552BB1E3347027EF84460C9426A7EC3F3BFAD
                                                                                                            Malicious:false
                                                                                                            Reputation:low
Preview:
INFO [2023-10-05 10:20:07.992] ----------------------------------------
INFO [2023-10-05 10:20:08.002] StreamLogger - Initialised
INFO [2023-10-05 10:20:08.032] Command line args = C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe, DeploymentMode=Install, InstallationId=Grid 3
INFO [2023-10-05 10:20:08.042] =============================================================
INFO [2023-10-05 10:20:08.052] STARTING : C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe
INFO [2023-10-05 10:20:08.052] PRODUCT : SensorySoftware.Deployment
INFO [2023-10-05 10:20:08.062] VERSION : 2.0.5.6
INFO [2023-10-05 10:20:08.062] CWD : C:\Users\user\Desktop
INFO [2023-10-05 10:20:08.062] COMMAND : "C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe" DeploymentMode="Install" InstallationId="Grid 3"
INFO [2023-10-05 10:20:08.062] OS : Microsoft Windows NT 10.0.18363.0
INFO [2023-10-05 10:20:08.062] ============================================
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):365
                                                                                                            Entropy (8bit):5.094259393040409
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:qrpsvknsfAjo6/sypfkhVTs0RLYtKkhXi1gvGuSADQJAeE56/YHRLYI0Msy:IBntMBhci1gvGdPgULy
                                                                                                            MD5:FF69D2C903F474E927EF94834EC010F2
                                                                                                            SHA1:0F504E36AE38F4916C019BEE59898260EEE27B3D
                                                                                                            SHA-256:532E7B72C5A45D428ABBE89F0E1E653237EEA0D8D9F9A9C66D9A3CEC78950F9C
                                                                                                            SHA-512:D90C282B072C7F724AE67A7D6D3D7A80E4058596878A29645C0A03267182200E502078740BFBEA8C2BD21D5E578699FB58E22B7571A3CCD7B00FCD207F98800E
                                                                                                            Malicious:false
                                                                                                            Reputation:low
Preview:
Info [2023-10-05 08:20:06.271] Passed in arguments:
Info [2023-10-05 08:20:06.271] Fixed arguments
Info [2023-10-05 08:20:06.291] DeploymentMode=Install
Info [2023-10-05 08:20:06.301] InstallationId=Grid 3
Info [2023-10-05 08:20:06.321] Starting ssUpdate process with admin=True, waitForCompletion=False, args=DeploymentMode="Install" InstallationId="Grid 3"
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):180224
                                                                                                            Entropy (8bit):6.229484855760191
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:yE0EAPzbErGWsOMpgV0Dc6RdUdF0HQszXAfZMdFtp04b9Y8B3m1k7pq7FLFa2u:yE0EAPMrGWsWDWidF0HQszCZ2Ftppb9q
                                                                                                            MD5:5CF2837021516334344629CB679D40B5
                                                                                                            SHA1:92D9304196ADBA968C05C4D120387E464391B792
                                                                                                            SHA-256:55CAE0AF8517AC2D787B210AC6F79C9AAC7F58035B69FAAF620A90F33E2676FC
                                                                                                            SHA-512:200EF0B7A3F6F7907A355C4DE88F21783D535355BC1A71AE6B463C25B8D9AC84940380E1E71927247AF6D5E9B9621A3CEFA841A705B7179D8AA5A3904AC27924
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: TrBKmxvLQV.exe, Detection: malicious, Browse
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*611 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):312832
                                                                                                            Entropy (8bit):4.100547518599601
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:3QFtDmSPxL/9wj0H+AlmIG+7N9nlEtSqBE2Ef+oipE/ST4SGit5:3QF5lt/9wjq5ky9mQqBE2Efl/lk
                                                                                                            MD5:592DE6D3906C1F8EC419C14D953CDF2A
                                                                                                            SHA1:03A726DF6B4E553FDD8A4D853FF6289FB27AD10C
                                                                                                            SHA-256:0DD32D717D517F3F0BF5D370F627C1CEBAE7CA27B63FBBB150863EC3F238B9D9
                                                                                                            SHA-512:B39602A26E352E76266323BA4A198BB06AE9891E12DCAD38B3860399D83628D5A303E05648A565B8FEB1B31C70357B4F300828DF2C9E22C630C614C6E6D81112
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):253440
                                                                                                            Entropy (8bit):5.820021239165709
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:nrI52ReHNdAFnfPPShREuMPb9YlVVRxpop2i0KKCXrXSbS4KcMy8ZZL5QlcSCSLw:yNdA+Myl7TpNiWCL4EycZb4
                                                                                                            MD5:7C359500407DD393A276010AB778D5AF
                                                                                                            SHA1:4D63D669B73ACACA3FC62EC263589ACAAEA91C0B
                                                                                                            SHA-256:A4009288982E4C30D22B544167F72DB882E34F0FDA7D4061B2C02C84688C0ED1
                                                                                                            SHA-512:88A25138D0A491E5EE27499206E05B8C501DA0C73AD2B3E23D70E810A09BFC1B701817DE7F22C9F0B9F81F90235FE5EEADD112773035A11F01706EAC364B34BC
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: setup.exe, Detection: malicious
                                                                                                            • Filename: S4zkrYGHIa.exe, Detection: malicious
                                                                                                            • Filename: S4zkrYGHIa.exe, Detection: malicious
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1097216
                                                                                                            Entropy (8bit):6.200315447031076
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:mEAVf5dAgAgAgyjev4ICwQGZDHSxV/wvHG:md6ev4GQGZexV/UG
                                                                                                            MD5:9E0CA1AC087B5388D27CAC68FEF292A6
                                                                                                            SHA1:1CAD41FBD7A7ACC967E4CC1F358ABEAAC9FD24CC
                                                                                                            SHA-256:F2859D100F0A59A0B21CB448B54150050626057F98F9995FC39ACF0DD0C56BC0
                                                                                                            SHA-512:B65179B99014F42DB84E92B6DF0FC5DFF3AD6D5556B9383894FCBA09A48B27E4330DB8938F8118C8189B4238958734E14907A9348D1D850825D88783869DE6A1
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                                                            Reputation:low
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*2887 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1478144
                                                                                                            Entropy (8bit):4.220762561055877
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:xluaSrCanlJAXLzFkPkOMr8CwjF3rFkQjmsO5O+VC2QC8n4upPoYDH+T+uPMg7yy:C4kMx4t3BjcrPukVXYPJfvanKoLPo
                                                                                                            MD5:2C6D047C1A82F8B532F288A49D01F0B3
                                                                                                            SHA1:2F126EDFA72227AA8B095C8B996B0ADD8F1E2213
                                                                                                            SHA-256:780541ABE3BA5D8E8E2072C1E294516E61355E7BB38E386AD0948857B8256CBC
                                                                                                            SHA-512:2FB8A6C908B292ECFB4BA6FABC71D7699E48791F53C1466B05ACC0C3CF082695925DF44608833F28CF9D8B96C1E9D4DBFC109F3DB23AEDFFAAAC21DF8F7C4256
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):295801
                                                                                                            Entropy (8bit):4.546954749487013
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:+ktMqaIU0xp/utFeBiRed7dEPnGy2/4w/fuxexst:RUApi
                                                                                                            MD5:202180CB9296C56F74B472DC4FBFD101
                                                                                                            SHA1:5BC26DA38586F2BFBE86D2824872FAEE177F0575
                                                                                                            SHA-256:E90A6F9F1A642D9473C1DFEA9B4B103D76541E86F805E4445E4F185E993F4C1E
                                                                                                            SHA-512:1BB2F2139AA6657C6039F8711B490A27D7ABD08ECF4EAE8CBEEE16EECF963E70B15FFF7BA4A8EE0DA5DC08127B3F33BD0B3C4A194E82945E323787AC48AA7DB1
                                                                                                            Malicious:false
                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>MahApps.Metro</name>.. </assembly>.. <members>.. <member name="T:MahApps.Metro.Actions.CommandTriggerAction">.. <summary>.. This CommandTriggerAction can be used to bind any event on any FrameworkElement to an <see cref="T:System.Windows.Input.ICommand" />... This trigger can only be attached to a FrameworkElement or a class deriving from FrameworkElement... .. This class is inspired from Laurent Bugnion and his EventToCommand... <web>http://www.mvvmlight.net</web>.. <license> See license.txt in this solution or http://www.galasoft.ch/license_MIT.txt </license>.. </summary>.. </member>.. <member name="F:MahApps.Metro.Actions.CommandTriggerAction.CommandProperty">.. <summary>.. Identifies the <see cref="P:MahApps.Metro.Actions.CommandTriggerAction.Command" /> dependency property.. <
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):291840
                                                                                                            Entropy (8bit):5.78437836503616
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:5z5bthkBm9LrNrHhufax3e9yVB9/4pQeXrcSGiI8vI7/tf:53T0fTKWn74
                                                                                                            MD5:F5A3877D553F4D94AF799A55D01DD23B
                                                                                                            SHA1:1178A763C8B9C0092BD785E25C94FE682C61B631
                                                                                                            SHA-256:5A62D57159E42A08E629A145581BA40CCB8F1FDEBFA32ED28E1D970BFC797C26
                                                                                                            SHA-512:94E783E344D85DDC05C8144E3DC69A0518CCDD38603A11F0860471C23B1E74203A6DC58314A00D9BF833DC59F6799F513D46A53062EA4EE397FC3055E03A8DF8
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):675240
                                                                                                            Entropy (8bit):5.939568165683378
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:4uLQZbq16LMLq42433d25X8STJmMRv0niBXh8KOBAj0W:4z/LMLq42t5X8STJmMRv0nQHOBAjx
                                                                                                            MD5:D827DD8A8C4B2A2CFA23C7F90F3CCE95
                                                                                                            SHA1:26C78DAD612AFF904F216F19F49089F84CC77EB8
                                                                                                            SHA-256:B66749B81E1489FCD8D754B2AD39EBE0DB681344E392A3F49DC9235643BDBD06
                                                                                                            SHA-512:9CE24C4497FE614B78B3F2F985CAFB817D52F21D090AA23FD87F1A3478135ABE95E0ABE3557DD3F12A5B3F4C9A09E8337169988314C12C51B4951317E0569787
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: PolyWorksReportLoop2022_IR6_Inspector.msi, Detection: malicious
                                                                                                            • Filename: AugnitoSetupX64-5.1.0.0.exe, Detection: malicious
                                                                                                            • Filename: BlueJeans.2.28.61m.msi, Detection: malicious
                                                                                                            • Filename: SourceTreeSetup-3.4.6.exe, Detection: malicious
                                                                                                            • Filename: SourceTreeSetup-3.4.5.exe, Detection: malicious
                                                                                                            • Filename: SourceTreeSetup-3.4.5.exe, Detection: malicious
                                                                                                            • Filename: SourceTreeSetup-3.4.5.exe, Detection: malicious
                                                                                                            • Filename: VoiceMan Reflex-Setup-V3.0.3.exe, Detection: malicious
                                                                                                            • Filename: SetupInstallerS.exe, Detection: malicious
                                                                                                            • Filename: setup.exe, Detection: malicious
                                                                                                            • Filename: Setup.exe, Detection: malicious
                                                                                                            • Filename: ProGetSetup5.3.6.exe, Detection: malicious
                                                                                                            • Filename: Automate.msi, Detection: malicious
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                            Category:dropped
                                                                                                            Size (bytes):250244
                                                                                                            Entropy (8bit):5.05857526121953
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:IVzKtmddkMrnvoedEJNGv7sX7gq883MbRaFZF7l0ZXZWXJ08YAMRFCvedrREjz:uzDXwedEJhndX7l4cJEAeAvm2
                                                                                                            MD5:723488E359FD75C971EE5FBB65E50F54
                                                                                                            SHA1:C69442ABD1A9476E2BFDDC25DD128E41BD75B738
                                                                                                            SHA-256:B58A95BC477D69E02D22F877476E9C69C8E1CF0EB2B96B6CF2BC83AF798C4C90
                                                                                                            SHA-512:AAA7A0E54BF6542562ECADF25628170F1B513281B1AFEB7DCFA9A0C8A833BCB035CEFF4591996598876F2292B95DC52B4FFA946BD6562D23AE422065776A7D81
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):699263
                                                                                                            Entropy (8bit):4.633228934474069
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:XqqUEknRikaaG0rH3jGHdl0/IYHtpgVIeR0R+CRFo9TA82mIKj+sJjoqoyO185Qy:DUE
                                                                                                            MD5:479550F04AE5BADDE08753E3F29E4FFE
                                                                                                            SHA1:0E9BE68EB76DB29A2448292AFBADF6A7FDE952A0
                                                                                                            SHA-256:BFB2B3619BB456629CB3B3BB321FF751D06E1C04C8749E2114E85F4578EFD4B0
                                                                                                            SHA-512:C3FA8423D96704CA61740C0A7ADC12E2C6170023BF026CD63EA3A3E0D2E9882273BA3ACE69EBB72DD22D3A5833161560A89282F3925FF12E11A5417CEE5B247A
                                                                                                            Malicious:false
                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):116224
                                                                                                            Entropy (8bit):5.9042293094465315
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:BdO3xYLjBjX15/nZwl8KBo6TlsjlaX9RuO8GMSFB1CNj0hSaI:BcK3BjXGqQyjl29YYX1CNj0hSX
                                                                                                            MD5:E0202581A4B045130B2806EC32B910F5
                                                                                                            SHA1:AB372290F196EA6F3E595D1BD0DB0705C4695EEE
                                                                                                            SHA-256:BB9CCC68B7D0D957759868BEB60E5FAAB53D8C09C8FD93E15E5C23F02D2EA0B9
                                                                                                            SHA-512:7BCD873DBF30F6B8C05409AF586452B04E33F402622B2448ACD4FCFD92F08F98461B2AEEC92BA5C07CCF18EF49BCAD5C2AE20986C31EA18EAA6277C26A7C9CE0
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\Smartbox Update\SensorySoftware.Deployment.Client.Model.Desktop.dll, Author: Joe Security
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*591 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):302592
                                                                                                            Entropy (8bit):3.995557313729345
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:xjxKkdjv0uzE3NAUTW5TxHwQuADbgGpP5:xjxKkdjcuzESHWADbgCP5
                                                                                                            MD5:061DA78D7E2FE12CB7D0BC622E0C46D4
                                                                                                            SHA1:7314D107B147CB5DFAC4D3C91BF9CEF406343F8D
                                                                                                            SHA-256:43FF080F9FD9894696938065E808BDC4031234CC4CD092D05A7D3F01A34A705C
                                                                                                            SHA-512:8729E7D255ABA1DC3E0B8F5812C8F8B44B3502CA93FBB6E55511100A5B1385CC9916263340B50010E581056EE555D5A9C17ACE35B12D86BD5C21682DF36A80C9
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):47616
                                                                                                            Entropy (8bit):5.855268233794137
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:768:WGIVDyExHg1iwum3KFa1WmK4QeKA/+gaEsog99Q0bjzQoIzwGXq:5JYHg1iLpYWc9aEsog99jnz9GXq
                                                                                                            MD5:81AE367B169BC9869A4E97312A15DBBB
                                                                                                            SHA1:BA8A0A0A9C51885AFFE9CFFDCCF16AC30D12006D
                                                                                                            SHA-256:737DBD1BF3BFD43057AF93E3B0FABBE3014820FBBDF0EE578D0E3485A077F949
                                                                                                            SHA-512:32A3DF204593614E60B1197E9939751BCC08A9A1113AEA5FF7E5E654EA4997986CBBAA38F968F6E336B9276517BAFFAD2E3BB07B2318DC910BD4F28BF87EE157
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*291 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):148992
                                                                                                            Entropy (8bit):3.819134144471349
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:0c48+874o9nVJE3xGr2g10EyBLPPsGJoLuhaTdf:W8+s9XE32yBLpJoSh
                                                                                                            MD5:CCA957EFFA716D902344D23F4D2B7C5F
                                                                                                            SHA1:A2437CCC7DB6555A3772A76DC9E998F56B129F6D
                                                                                                            SHA-256:B897F4ACFAEFAF4D91DDDF2EC7EF87B181BC6B4300E98349BD480D7CD041EEB1
                                                                                                            SHA-512:777589601B9422FFADE17FD4EBE4F78104325B9945C1AA4E655BB5A45072B4585B2A71C6C1D886C512796B5B43AFB9BFF115B4719A7DE3F70BA6F1C0B6D5799E
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):150528
                                                                                                            Entropy (8bit):6.13074769209297
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:VoBZBqTW4YPY4k2d2Kl0A31GND1tPxO38bMoCp8MHa8xht:iBZBT4YPk2dRl0N4C0
                                                                                                            MD5:9DFF44BB59B69A941F4F2EBF190D8C4F
                                                                                                            SHA1:132AEDCB8877F2453B15D95681EF9776B21EA127
                                                                                                            SHA-256:E8387FACAEBA761831CBA4E71D9AA707C1279506841D96E6A5D173A963C9F529
                                                                                                            SHA-512:93EF6E80108CBE78F3A639F1599E17C2DFF57C4CF29FB932987147EE8B8F3EE0F67EF4FC71783F4862E8F49B7BE634C604B66D97756E13512A8D0414F7B6DF34
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*843 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):431616
                                                                                                            Entropy (8bit):3.9696692876160005
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:QSxePb5WB1FRuO/80GLRB5PBoBAFGx8geQEAZm/wP6DrAVikCE0:tbQMI88VASq6DrAVikC3
                                                                                                            MD5:938941E58BB51C7F48B6F8D60751C3E6
                                                                                                            SHA1:78564D708297912636DA34210AD38A78C0CDD053
                                                                                                            SHA-256:875178DAAB76E668A3575ABD9F9EAF78F9090F64A8672706BA8782ACEC19E74A
                                                                                                            SHA-512:C48FE2E092106DE05F3E5554A744510F8D2212AD7AE71A35FC5A3E50913CBCC4F35FA0ACE0291636BB56CE85B37D75517188E5A082EA348FF47C3ECFD1E7246F
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):163328
                                                                                                            Entropy (8bit):6.043390913497446
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:fiqduShJxyDiplKs6nFnwURob0p6H0ag:6GuskFlnhw0
                                                                                                            MD5:283AEF9F4ACEC76EB842FCE568BAE08C
                                                                                                            SHA1:80D522A2FF37B56D109D367A049BBAD685C7665C
                                                                                                            SHA-256:DDC476C48F5A9A4BA1AC1FB222AB108DEDD6FCBFD39878E7B0C75B2623050B97
                                                                                                            SHA-512:BCE8E084D33DB85FCA2AE5F6834EB1D5E99ECC68B838E60E11B1DAA0B362066CE8BD71D202BA6A1F869E6887C816CA30FED598A37D0F3D99AB6964F975657C2C
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*887 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):454144
                                                                                                            Entropy (8bit):3.896951628367518
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:+2F0ZdGBdQUqhQR8qHFMv0Ghmibk9UxHnjURlQAZ4lSUKVIQs4da/c:+2QdGBfXCqHa8z9UpnjU1Z4lQFda/c
                                                                                                            MD5:791998C5E1CE2E4B25C1BB50E91D6998
                                                                                                            SHA1:24567636EEFDAC9616836B853CDB9CCBD780225C
                                                                                                            SHA-256:9AFB677B6F8AAC880C905FBA3CAD4C0355113DF4FDEFF695688DF72D874610CD
                                                                                                            SHA-512:C29591556031745FBA9B6C19A7529CF156DF539858DFF9BE0FCFC0E5ABE3F74A85B15A90AAC44CAB666EE5FA3E29694AA2D2E1D89F1354F42911FFBC7138ADF2
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):31232
                                                                                                            Entropy (8bit):5.60559578012225
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:SNo1OmR1fvh3sWcQ8v6M9bDiBlSeKk5znq+rtkSI3+M3rckKaj8Bazs3iLqim0o4:DZh3fcQCV8ce/zq+xXK+M3UgUim9qZ
                                                                                                            MD5:3933006D8C9FCE74F7DE5357C97A69AA
                                                                                                            SHA1:C0BB904E223373F5452080E2551AC0CA0645A5F9
                                                                                                            SHA-256:AFCE5B9C4C08332A2E17E7D9CF954938E8DCFD74588BC1FD0D24AB8E631A6238
                                                                                                            SHA-512:8C5B0D4471041BA059C59E4229E3A9E93E9990951D722E0FAE72086B64A849077555DEB73ABC4FA4D5F950C1FD722A22756EC3B068A0FB63AB2017C736325AAF
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*171 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):87552
                                                                                                            Entropy (8bit):3.432670271471145
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:Z4ZZlSfAc/I8bpZmg2pQhE4KVt2h8KQ982BPD9nOOpsidNdSy5b22bCjApPPyQil:Z43lSLQUy9fsuNYyNpc3qISdPp8J7m
                                                                                                            MD5:46CC175B6D46D615F144202EC9473A1B
                                                                                                            SHA1:284EB1306FBEA0D073A70C5ED1557BC14D5FB307
                                                                                                            SHA-256:18C05244F7F29CBD2453FB8A005CD3E41826E28330E9684C0C5F705A479A46C3
                                                                                                            SHA-512:B1AE6518B0A613234B055B91FC804BD6D613A1DBF25157A1E4C24C90BC9A2F93A0B67D0C43FF07240BA626F3695D88B0A17128B79198C4F70EFFB27DFDDC06C8
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):37260
                                                                                                            Entropy (8bit):4.45260822141674
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:mr4Lel36KhH8qJu/7m6JpK4r6+IaihzMXFsfU2C9jUd+tGJG00NzNSM4/4WS7TCx:O+qHfnXnsYD13
                                                                                                            MD5:2DD128909AAD5A68B845C725A27F91EF
                                                                                                            SHA1:CBD0797745A8A565B914B8C0D9FC1089AD1EACA9
                                                                                                            SHA-256:2387E86F5FCCFE6ACFB224BBE0A4CBD87ABF48AFB67154B96792917FF88F0981
                                                                                                            SHA-512:016CB0199B25ECDA06E8C8B29AEDA8429E096E400D195E4AA461D0B8F997D38883A2F93911FA85600FE2BEEC6DC27D82DC129C32990DCF20B2DD2371A780BE19
                                                                                                            Malicious:false
                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Stateless</name>.. </assembly>.. <members>.. <member name="T:Stateless.StateMachine`2">.. <summary>.. Models behaviour as transitions between a finite set of states... </summary>.. <typeparam name="TState">The type used to represent the states.</typeparam>.. <typeparam name="TTrigger">The type used to represent the triggers that cause state transitions.</typeparam>.. </member>.. <member name="M:Stateless.StateMachine`2.#ctor(System.Func{`0},System.Action{`0})">.. <summary>.. Construct a state machine with external state storage... </summary>.. <param name="stateAccessor">A function that will be called to read the current state value.</param>.. <param name="stateMutator">An action that will be called to write new state values.</param>.. </member>.. <member name="M:Stateless.State
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):55904
                                                                                                            Entropy (8bit):6.299047178318044
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4
                                                                                                            MD5:580244BC805220253A87196913EB3E5E
                                                                                                            SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
                                                                                                            SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
                                                                                                            SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1118920
                                                                                                            Entropy (8bit):7.899678401653382
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:Jz9m04PLdUcyezFSjaggwdRTw28Z4Qn+dwVY0YbxYRyUwuGqq:59m04DGexmLTQn+dwZYMyXd
                                                                                                            MD5:CA41DBA55A727F01104871B160CD5B1D
                                                                                                            SHA1:5B71B20A455F6EEAB79DD1EDCAB0BA66AD0D2208
                                                                                                            SHA-256:BD173D14A371E6786C4AE90BE1F2C560458D672BA4CBEB3CF55BEBFEF2E2778A
                                                                                                            SHA-512:90A3A5A57EA8A6508EEE0D129303C7CB012AABF651DD9A6BEFC20DA3BBDB09FC47FD087645051D3D45BFF909DFC6E6039C22C4816FBC793A847E81701248639E
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):426848
                                                                                                            Entropy (8bit):5.944329543937919
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:20mbyiCo9bQjA4KRIQS6gdhAykm0g4E354n1bgk1CcKqLF2mHTmlxG6O:fmuiCo9bSfHF4nJJKkFAlxGH
                                                                                                            MD5:2BDEC611319F5BB269337BCBFF6346DE
                                                                                                            SHA1:AF345CF69B5ABDAC4F336EC09CDD95CCB09C307D
                                                                                                            SHA-256:7782FC7BA9AE6FED274B22EC75C517DE28B3EAE87ABE46B3E9D3410DB0F2B60A
                                                                                                            SHA-512:EB03B4DB161E2359C878BF0496796FC7638B96E2F123C547C2B3F7DEC755DD6787AEECDF068853E28AF918848A208C0BD031A625670D4908A75DC702FFFFBBEA
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MS Windows icon resource - 5 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                            Category:dropped
                                                                                                            Size (bytes):46136
                                                                                                            Entropy (8bit):7.472919026041486
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:768:3TwkgqeQ0TwRYtvWelNa/BoVl9xsBOCw+cKip9a0L9LIM72mHgkD:BgzQKvtee77VlR+cKc9LF2mHfD
                                                                                                            MD5:051CE1836FBEF0E2CAC7EF77CFD8A9F0
                                                                                                            SHA1:A88C44182921345C8125EB2D2731507B1FC4334F
                                                                                                            SHA-256:A581BF78DB567A05B27991A9F9E4B18CC54F4E22CABC8376341F4EFC192D801C
                                                                                                            SHA-512:C1001DD2A2A5FE70AEA30CBB8433F350A336A8C13C95551C46344CB258446F5E52046485121928EBF6BEB87EA74481178BDDAFB0AD7100988210E707676FF1AB
                                                                                                            Malicious:false
                                                                                                            Process:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            File Type:MSVC program database ver 7.00, 512*247 bytes
                                                                                                            Category:dropped
                                                                                                            Size (bytes):126464
                                                                                                            Entropy (8bit):4.034806775846315
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:768:JGueyqxF0cT9Xkuklr4aNArtZXHcvF0OnLf9D29KaNkcAsIFLwFkp0RQhCHu1U1N:5/xIOTpCQUHXoutigMK
                                                                                                            MD5:2A369C7E6FF1F2B5B3E9D507D8A9DD29
                                                                                                            SHA1:84C5811252EA262094E5E52B1B08B3A51B2BCC5C
                                                                                                            SHA-256:BA075D2ADB867052513EC0A0963C6819CA6250AB82FEDFE77CF3F8F2A587DC1B
                                                                                                            SHA-512:7FCA8E202268E97B5078910FE06385A31480BBF5BD7439F20404F3AC0BF92DDE36D774EFB0F7D523165632E55850F1939A410EB7D094D2B97792642E7A0D1AC8
                                                                                                            Malicious:false
                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Entropy (8bit):7.099378870708456
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                            File name:Grid 3.exe
                                                                                                            File size:18'771'680 bytes
                                                                                                            MD5:06844e65a7a827a949c5e6a236a6c8de
                                                                                                            SHA1:d477de3fe8e271afbb8be7fd22bc2cbb54c6e6cd
                                                                                                            SHA256:dc7900304965f4d32aed8b701a884ff2549e40d7d869f4de3900c71f872be353
                                                                                                            SHA512:0a7c88601b40e9bb894fbeb8ad61b3a88dc996dc56a350119624084e34c82a5f975828a113b85ff722a8cec5ced4ff019bd5c80003b58416a7ae2b2cd3e84aa3
                                                                                                            SSDEEP:393216:dlMUa/hAoeZzUzZi7G5VyoozBiEuix0cxKLLs/w:vMEr2zDK3kEM4KLLs4
                                                                                                            TLSH:8017D0307286C676D8EA05B14CBEF75AE77DAA35072550C77294AE6C1C712C23B327A3
                                                                                                            Icon Hash:3229b9626db1681c
                                                                                                            Entrypoint:0x8db760
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:true
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                            Time Stamp:0x6491FD80 [Tue Jun 20 19:26:56 2023 UTC]
                                                                                                            TLS Callbacks:0x8dad70, 0x8db410
                                                                                                            CLR (.Net) Version:
                                                                                                            OS Version Major:6
                                                                                                            OS Version Minor:0
                                                                                                            File Version Major:6
                                                                                                            File Version Minor:0
                                                                                                            Subsystem Version Major:6
                                                                                                            Subsystem Version Minor:0
                                                                                                            Import Hash:2f5964c100770a6753ead4074154a4f9
                                                                                                            Signature Valid:true
                                                                                                            Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                            Error Number:0
Not Before, Not After
• 7/19/2021 2:00:00 AM, 7/19/2024 1:59:59 AM
                                                                                                            Subject Chain
                                                                                                            • CN=Smartbox Assistive Technology Limited, O=Smartbox Assistive Technology Limited, L=Malvern, C=GB
                                                                                                            Version:3
                                                                                                            Thumbprint MD5:D14905A727F8B022A010C2D06FF946EB
                                                                                                            Thumbprint SHA-1:962E92260341B77930B8C04623C898D9AC6B1437
                                                                                                            Thumbprint SHA-256:205BA276FED9B6C8FAEDC2ED2F8A3A3B08A6FD7C1CF540167627E9A06DE411DF
                                                                                                            Serial:0091AABFC781EE5937451512A8D1743A43
                                                                                                            Instruction
                                                                                                            call 00007F520462A2A6h
                                                                                                            jmp 00007F5204629CBDh
                                                                                                            push ebp
                                                                                                            mov ebp, esp
                                                                                                            sub esp, 00000324h
                                                                                                            push ebx
                                                                                                            push 00000017h
                                                                                                            call dword ptr [00936310h]
                                                                                                            test eax, eax
                                                                                                            je 00007F5204629E57h
                                                                                                            mov ecx, dword ptr [ebp+08h]
                                                                                                            int 29h
                                                                                                            push 00000003h
                                                                                                            call 00007F5204629FFFh
                                                                                                            mov dword ptr [esp], 000002CCh
                                                                                                            lea eax, dword ptr [ebp-00000324h]
                                                                                                            push 00000000h
                                                                                                            push eax
                                                                                                            call 00007F520462D014h
                                                                                                            add esp, 0Ch
                                                                                                            mov dword ptr [ebp-00000274h], eax
                                                                                                            mov dword ptr [ebp-00000278h], ecx
                                                                                                            mov dword ptr [ebp-0000027Ch], edx
                                                                                                            mov dword ptr [ebp-00000280h], ebx
                                                                                                            mov dword ptr [ebp-00000284h], esi
                                                                                                            mov dword ptr [ebp-00000288h], edi
                                                                                                            mov word ptr [ebp-0000025Ch], ss
                                                                                                            mov word ptr [ebp-00000268h], cs
                                                                                                            mov word ptr [ebp-0000028Ch], ds
                                                                                                            mov word ptr [ebp-00000290h], es
                                                                                                            mov word ptr [ebp-00000294h], fs
                                                                                                            mov word ptr [ebp-00000298h], gs
                                                                                                            pushfd
                                                                                                            pop dword ptr [ebp-00000264h]
                                                                                                            mov eax, dword ptr [ebp+04h]
                                                                                                            mov dword ptr [ebp-0000026Ch], eax
                                                                                                            lea eax, dword ptr [ebp+04h]
                                                                                                            mov dword ptr [ebp-00000260h], eax
                                                                                                            mov dword ptr [ebp-00000324h], 00010001h
                                                                                                            mov eax, dword ptr [eax-04h]
                                                                                                            push 00000050h
                                                                                                            mov dword ptr [ebp-00000270h], eax
                                                                                                            lea eax, dword ptr [ebp-58h]
                                                                                                            push 00000000h
                                                                                                            push eax
                                                                                                            call 00007F5204629E8Ah
                                                                                                            Programming Language:
                                                                                                            • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x672510 | 0xc4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6725d4 | 0x168 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69a000 | 0x13c8a4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11e4190 | 0x2d50 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7d7000 | 0x4164c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x604b08 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x604b80 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x53b9c0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x536000 | 0x724 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x672408 | 0x60 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x533e9a | 0x534000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .CLR_UEF | 0x535000 | 0x44 | 0x200 | False | 0.134765625 | data | 0.9617583915731932 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x536000 | 0x13ecd4 | 0x13ee00 | False | 0.3648844815758526 | data | 5.069983415775223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x675000 | 0x12abc | 0x5400 | False | 0.2623697916666667 | Matlab v4 mat-file (little endian) \377\377\377\377, numeric, rows 0, columns 0 | 3.7060473110165457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x688000 | 0x1c | 0x200 | False | 0.0546875 | data | 0.25996289920834015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x689000 | 0x10f10 | 0x11000 | False | 0.16291360294117646 | data | 5.364619170209927 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x69a000 | 0x13c8a4 | 0x13ca00 | False | 0.4193613057639163 | data | 6.449520375621085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x7d7000 | 0x4164c | 0x41800 | False | 0.5932654460877863 | data | 6.67297548648758 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x69a2cc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | | | 0.5371621621621622 |
| RT_ICON | 0x69a3f4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.33602150537634407 |
| RT_ICON | 0x69a6dc | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.332089552238806 |
| RT_ICON | 0x69b584 | 0x1e52 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9545220304045349 |
| RT_ICON | 0x69d3d8 | 0x82d8 | PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced | | | 0.8195903988535944 |
| RT_RCDATA | 0x6a56b0 | 0x24 | data | | | 1.1944444444444444 |
| RT_RCDATA | 0x6a56d4 | 0x130ba8 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | | | 0.41280174255371094 |
| RT_GROUP_ICON | 0x7d627c | 0x4c | data | | | 0.8157894736842105 |
| RT_VERSION | 0x7d62c8 | 0x3f0 | SysEx File - OctavePlateau | | | 0.3373015873015873 |
| RT_MANIFEST | 0x7d66b8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| KERNEL32.dll | RaiseException, FreeLibrary, RaiseFailFastException, GetExitCodeProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, AddVectoredExceptionHandler, MultiByteToWideChar, GetTickCount, GetCurrentProcessId, FlushInstructionCache, QueryPerformanceFrequency, QueryPerformanceCounter, InterlockedPushEntrySList, InterlockedFlushSList, InitializeSListHead, GetTickCount64, DuplicateHandle, QueueUserAPC, WaitForSingleObjectEx, SetThreadPriority, GetThreadPriority, ResumeThread, GetCurrentThreadId, TlsAlloc, GetCurrentThread, CreateThread, GetModuleHandleW, WaitForMultipleObjectsEx, SignalObjectAndWait, SetThreadStackGuarantee, VirtualQuery, WriteFile, GetStdHandle, GetConsoleOutputCP, MapViewOfFileEx, UnmapViewOfFile, GetStringTypeExW, SetEvent, GetCurrentProcessorNumber, GlobalMemoryStatusEx, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, InterlockedPopEntrySList, GetCurrentProcessorNumberEx, ExitProcess, Sleep, CreateMemoryResourceNotification, GetProcessAffinityMask, SetThreadIdealProcessorEx, GetThreadIdealProcessorEx, GetLargePageMinimum, VirtualUnlock, ResetWriteWatch, GetWriteWatch, GetLogicalProcessorInformation, SetThreadGroupAffinity, SetThreadAffinityMask, IsProcessInJob, QueryInformationJobObject, K32GetProcessMemoryInfo, VirtualAlloc, VirtualFree, VirtualProtect, SleepEx, SwitchToThread, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, ReadFile, GetFileSize, GetEnvironmentVariableW, SetEnvironmentVariableW, CreateEventW, ResetEvent, CreateSemaphoreExW, ReleaseSemaphore, CreateMutexW, ReleaseMutex, WaitForSingleObject, SuspendThread, SetThreadContext, GetEnabledXStateFeatures, InitializeContext, CopyContext, SetXStateFeaturesMask, WerRegisterRuntimeExceptionModule, GetSystemDefaultLCID, GetUserDefaultLCID, OutputDebugStringA, RtlUnwind, HeapAlloc, HeapFree, GetProcessHeap, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, FormatMessageW, GetACP, LCMapStringEx, LocalFree, VerSetConditionMask, VerifyVersionInfoW, IsWow64Process, QueryThreadCycleTime, VirtualAllocExNuma, GetNumaProcessorNodeEx, GetNumaHighestNodeNumber, GetSystemTimes, GetSystemTimeAsFileTime, GetModuleFileNameW, CreateProcessW, GetCPInfo, LoadLibraryExW, CreateFileW, GetFileAttributesExW, GetTempPathW, GetCurrentDirectoryW, GetFullPathNameW, LoadLibraryExA, OpenEventW, ExitThread, HeapReAlloc, CreateNamedPipeA, WaitForMultipleObjects, DisconnectNamedPipe, CreateFileA, CancelIoEx, GetOverlappedResult, ConnectNamedPipe, FlushFileBuffers, SetFilePointer, CreateFileMappingW, MapViewOfFile, GetActiveProcessorGroupCount, GetSystemTime, SetConsoleCtrlHandler, GetLocaleInfoEx, GetUserDefaultLocaleName, LoadLibraryW, CreateDirectoryW, RemoveDirectoryW, GetFileSizeEx, FindFirstFileExW, FindNextFileW, FindClose, LoadLibraryA, InitializeCriticalSectionAndSpinCount, CloseHandle, TlsSetValue, TlsGetValue, GetSystemInfo, GetCurrentProcess, ReadProcessMemory, OutputDebugStringW, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetCommandLineW, GetProcAddress, GetModuleHandleExW, SetErrorMode, FlushProcessWriteBuffers, SetLastError, DebugBreak, GetLastError, GetThreadContext, WideCharToMultiByte, DecodePointer, InitializeCriticalSectionEx, IsProcessorFeaturePresent, EncodePointer, TlsFree, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableSRW, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, GetExitCodeThread, GetStringTypeW, CreateFileMappingA |
| ADVAPI32.dll | RegGetValueW, SetKernelObjectSecurity, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, DeregisterEventSource, ReportEventW, RegisterEventSourceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, EventRegister, AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW, SetThreadToken, RevertToSelf, OpenThreadToken, EventWriteTransfer, EventWrite |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CoWaitForMultipleHandles, IIDFromString, CLSIDFromProgID, CoGetMarshalSizeMax, CoCreateGuid, CoUnmarshalInterface, CoGetObjectContext, CoGetContextToken, CoGetClassObject, CoCreateFreeThreadedMarshaler, CreateStreamOnHGlobal, CoUninitialize, CoInitializeEx, CoMarshalInterface, CoRegisterInitializeSpy, CoRevokeInitializeSpy, CoReleaseMarshalData, StringFromGUID2 |
| OLEAUT32.dll | SafeArrayAllocDescriptorEx, GetRecordInfoFromTypeInfo, SafeArraySetRecordInfo, SafeArrayAllocData, SafeArrayGetElemsize, VarCyFromDec, SysAllocStringByteLen, SafeArrayCreateVector, SafeArrayPutElement, LoadRegTypeLib, CreateErrorInfo, SysStringByteLen, SysFreeString, GetErrorInfo, VariantInit, SetErrorInfo, VariantClear, VariantChangeTypeEx, VariantChangeType, SafeArrayGetVartype, LoadTypeLibEx, QueryPathOfRegTypeLib, SafeArrayDestroy, SafeArrayGetLBound, SafeArrayGetDim, SysAllocStringLen, SysAllocString, SysStringLen |
| USER32.dll | LoadStringW, MessageBoxW |
| SHELL32.dll | ShellExecuteW |
| api-ms-win-crt-string-l1-1-0.dll | strcmp, iswupper, towlower, isalpha, isdigit, wcstok_s, strnlen, _wcsnicmp, iswascii, towupper, wcscat_s, strlen, wcscpy_s, wcsncat_s, strncat_s, iswspace, wcsncpy_s, strcspn, _wcsicmp, strcpy_s, isupper, strcat_s, strncpy_s, _wcsdup, _strnicmp, strncmp, islower, toupper, strtok_s, isspace, _strdup, __strncnt, _stricmp, wcsnlen, tolower, wcsncmp |
| api-ms-win-crt-stdio-l1-1-0.dll | fclose, _wfopen, _flushall, fseek, __stdio_common_vswprintf, __stdio_common_vfwprintf, __p__commode, fgets, _set_fmode, fputws, fputwc, __stdio_common_vsscanf, _get_stream_buffer_pointers, ftell, _fseeki64, fread, fsetpos, ungetc, _fileno, _dup, fgetpos, _setmode, setvbuf, _wfsopen, __stdio_common_vfprintf, fopen, fwrite, __stdio_common_vsnwprintf_s, __stdio_common_vsprintf_s, fgetc, __acrt_iob_func, fflush, fputs, fputc, __stdio_common_vsnprintf_s |
| api-ms-win-crt-runtime-l1-1-0.dll | terminate, _errno, _beginthreadex, _invalid_parameter_noinfo_noreturn, _controlfp_s, _invalid_parameter_noinfo, _register_thread_local_exe_atexit_callback, _c_exit, __p___wargv, __p___argc, abort, exit, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _wcserror_s, _configure_wide_argv, _initialize_wide_environment, _get_initial_wide_environment, _initterm, _initterm_e, _exit |
| api-ms-win-crt-convert-l1-1-0.dll | atol, strtoull, atoi, _itow_s, _wtoi, _ltow_s, wcstoul, strtoul, _wcstoui64 |
| api-ms-win-crt-heap-l1-1-0.dll | free, realloc, calloc, malloc, _set_new_mode |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| api-ms-win-crt-math-l1-1-0.dll | __libm_sse2_asin, __libm_sse2_acos, _CItanh, _CIsinh, _CIfmod, _CIcosh, _CIatan2, __libm_sse2_atan2, __libm_sse2_cos, log2, atanh, acosh, cbrt, __libm_sse2_exp, asinhf, atanhf, cbrtf, acoshf, log2f, ceil, floor, __libm_sse2_log, _isnan, __libm_sse2_log10, __libm_sse2_pow, __libm_sse2_sin, __libm_sse2_tan, _fdopen, _libm_sse2_acos_precise, _libm_sse2_asin_precise, trunc, truncf, ilogb, ilogbf, _finite, _libm_sse2_atan_precise, _libm_sse2_cos_precise, _copysign, modf, _libm_sse2_tan_precise, frexp, _libm_sse2_exp_precise, _libm_sse2_log10_precise, __libm_sse2_atan, fma, _libm_sse2_log_precise, _libm_sse2_sqrt_precise, _libm_sse2_sin_precise, asinh, fmaf, _libm_sse2_pow_precise, __setusermatherr |
| api-ms-win-crt-time-l1-1-0.dll | wcsftime, _gmtime64_s, _time64 |
| api-ms-win-crt-environment-l1-1-0.dll | getenv |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, _unlock_locales, __pctype_func, ___lc_locale_name_func, ___lc_codepage_func, ___mb_cur_max_func, _lock_locales, localeconv, setlocale |
| api-ms-win-crt-filesystem-l1-1-0.dll | _lock_file, _unlock_file, _wremove, _wrename |

| Name | Ordinal | Address |
|---|---|---|
| CLRJitAttachState | 3 | 0xa80d34 |
| DotNetRuntimeInfo | 4 | 0xa76540 |
| MetaDataGetDispenser | 5 | 0x88bfa0 |
| g_CLREngineMetrics | 2 | 0xa75f64 |
| g_dacTable | 6 | 0x94e7b0 |

                                                                                                            No network behavior found

                                                                                                            Target ID:0
                                                                                                            Start time:10:20:04
                                                                                                            Start date:05/10/2023
                                                                                                            Path:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Users\user\Desktop\Grid 3.exe
                                                                                                            Imagebase:0x410000
                                                                                                            File size:18'771'680 bytes
                                                                                                            MD5 hash:06844E65A7A827A949C5E6A236A6C8DE
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:1
                                                                                                            Start time:10:20:06
                                                                                                            Start date:05/10/2023
                                                                                                            Path:C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\Smartbox Update\ssUpdate.exe" DeploymentMode="Install" InstallationId="Grid 3
                                                                                                            Imagebase:0x18d209b0000
                                                                                                            File size:426'848 bytes
                                                                                                            MD5 hash:2BDEC611319F5BB269337BCBFF6346DE
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                            Antivirus matches:
                                                                                                            • Detection: 0%, ReversingLabs
• Detection: 0%, Virustotal
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:5.1%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:82
                                                                                                            Total number of Limit Nodes:4

                                                                                                            Executed Functions

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9499f51cbd9325c91e893e9edd48b6ed9987b24eb4c2b121506ef88865f65053
                                                                                                            • Instruction ID: 57d34b8f3e85459ef8f5297de4b36ad18619079cbd64e4b77b2b819dcced2999
                                                                                                            • Opcode Fuzzy Hash: 9499f51cbd9325c91e893e9edd48b6ed9987b24eb4c2b121506ef88865f65053
                                                                                                            • Instruction Fuzzy Hash: B832C575B042058FCB15DF69D4A456EBBB2FFC9310B19856EE906DB392DB34AC01CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • GetFullPathNameW.KERNEL32(?,?,?,00000000), ref: 03555341
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FullNamePath
                                                                                                            • String ID: |:l
                                                                                                            • API String ID: 608056474-3272063788
                                                                                                            • Opcode ID: 7eec4a6caba79f82a0618e86cf43760ca23050c4e5c31ce3ed750e94c0188deb
                                                                                                            • Instruction ID: 22870d935127553f503420c34434478081efb25133764498d7514ea20a14f7b8
                                                                                                            • Opcode Fuzzy Hash: 7eec4a6caba79f82a0618e86cf43760ca23050c4e5c31ce3ed750e94c0188deb
                                                                                                            • Instruction Fuzzy Hash: 03022B319052458FCB15CFA8E8A45EEBBB1FF86210F58496BEC47D7261F730A846CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            [Control-flow graph; API call in graph: WriteFile]
                                                                                                            APIs
                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,?), ref: 0355411F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: 29b6f63ef4be78d8a53e6e1eb04fa8b945c8bb34c247e7108b643e68bc85c676
                                                                                                            • Instruction ID: 5251cb28ea4df3f1f72959211dbcf3242a0b767a5b05b9b9bc6032c920fcd416
                                                                                                            • Opcode Fuzzy Hash: 29b6f63ef4be78d8a53e6e1eb04fa8b945c8bb34c247e7108b643e68bc85c676
                                                                                                            • Instruction Fuzzy Hash: D3314F75E012489FCB14DFAAE895ADEFBF5FF98310F14842AE419A7320CB316845CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            [Control-flow graph; API call in graph: FindCloseChangeNotification]
                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNELBASE ref: 035562CB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: e10a6efd754ec4be1c8743a20c22b245e85a6b83cbe458414e71dcb0629c7551
                                                                                                            • Instruction ID: 44bd5426abc5874b86c273d99411f28ae41fa56ee78c6ca14bbf4677fd6dcaa7
                                                                                                            • Opcode Fuzzy Hash: e10a6efd754ec4be1c8743a20c22b245e85a6b83cbe458414e71dcb0629c7551
                                                                                                            • Instruction Fuzzy Hash: D711A131A013458FC711DBF9E8957EFBFF0AF89210F14406AD518E7251CA345949CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 358b881a615f1c3928cc0db596b9fd29b850ccb6f955ee5dccf8625230585668
                                                                                                            • Instruction ID: cbe6be0a9edbfb3ba8b6134a049f30632466f872fa996702ab6b7f9e5e6e9c08
                                                                                                            • Opcode Fuzzy Hash: 358b881a615f1c3928cc0db596b9fd29b850ccb6f955ee5dccf8625230585668
                                                                                                            • Instruction Fuzzy Hash: 62419172E0540A02CF2CD469BCB226CB58A72D233DB5C83BBBD569B2F5F650A41B81D1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5c25ab71a0b9176d1d7f512b33f92f251e9861402f8c9e2165b25f3e3fb3c28c
                                                                                                            • Instruction ID: f68646923c8343457488b92a4e7f137f3c39adbfcbc52b289b6b15e129fce65d
                                                                                                            • Opcode Fuzzy Hash: 5c25ab71a0b9176d1d7f512b33f92f251e9861402f8c9e2165b25f3e3fb3c28c
                                                                                                            • Instruction Fuzzy Hash: 9631063760096241DB34C658E8E017EB2EAB6C176639E457FED42CB5E0F726F4478280
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d5d0ac9b7907b55b723aedf5d237ed7af16e221a1fc543d0dc6dc4b4a8e69536
                                                                                                            • Instruction ID: 53819f4e89e37a59b7b428a2d9b3c92bead795efa307f11abbc679d693da6156
                                                                                                            • Opcode Fuzzy Hash: d5d0ac9b7907b55b723aedf5d237ed7af16e221a1fc543d0dc6dc4b4a8e69536
                                                                                                            • Instruction Fuzzy Hash: 78212933E045624BCF24C92DB8A057EFB6BFAC13A571D9663F851A7070F63075478294
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1247178848.0000000003550000.00000020.00001000.00040000.00000000.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_3550000_Grid 3.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 524942af3087b53d316b15c99a59e3fc4ac0dcc13f7a7423597b60aaae791361
                                                                                                            • Instruction ID: 61f12e3326884b9cf7223086b72ca3673601f120573fd3f094f06dd4e6911c23
                                                                                                            • Opcode Fuzzy Hash: 524942af3087b53d316b15c99a59e3fc4ac0dcc13f7a7423597b60aaae791361
                                                                                                            • Instruction Fuzzy Hash: CF212933D096924BCF21C529B8A15BEFB67BEC23A431E1693E851A70B1E630354783A4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Executed Functions

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "rU$@9}2$H$H9}2$P9}2$P9}2
                                                                                                            • API String ID: 0-2659094130
                                                                                                            • Opcode ID: f7da10e835ee064c7a9a2de24a29d09f08aed9d90c4afd29a9b632915d67cd26
                                                                                                            • Instruction ID: 4531393275ca487096c007690255d528139d3a0cc80cdbd2c53c7429f465bd74
                                                                                                            • Opcode Fuzzy Hash: f7da10e835ee064c7a9a2de24a29d09f08aed9d90c4afd29a9b632915d67cd26
                                                                                                            • Instruction Fuzzy Hash: 65328E74608A598FDB94EB7CC498A7577E2FF5A700B1405F9E09ECB2E2DA24EC45C740
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: p6}2$p6}2$7}2$7}2
                                                                                                            • API String ID: 0-3970009022
                                                                                                            • Opcode ID: 95910cb57d40763932f2df42d5affe8b9ea9c1cb014982a11996a48abc1a2208
                                                                                                            • Instruction ID: 7ef0c58a2fc4cf92549daedeea92eba8844335d5999072195511cc3dc60fd542
                                                                                                            • Opcode Fuzzy Hash: 95910cb57d40763932f2df42d5affe8b9ea9c1cb014982a11996a48abc1a2208
                                                                                                            • Instruction Fuzzy Hash: 17422661A1CA4A4FE389E778C8906B437D2EF8A348B6454FED44DCB2D3DE25BC068750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: g
                                                                                                            • API String ID: 0-30677878
                                                                                                            • Opcode ID: 1499b9b90c97dc4a37a82428e305e5ba22cd73981324a4e5f463a33ac0519098
                                                                                                            • Instruction ID: 9d9c13968b017a0fde15e5dd6ac85aaf50e778f3e80ad2c92049e4e1f613f5c5
                                                                                                            • Opcode Fuzzy Hash: 1499b9b90c97dc4a37a82428e305e5ba22cd73981324a4e5f463a33ac0519098
                                                                                                            • Instruction Fuzzy Hash: 72A26174618A498FD799EB78C455BA577E1FF9A300F2044BDD05ECB2A2CE35E842CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 816d9688d56daf77087946367a7c97670d73c8969cbeaa177bf49c62c15062d2
                                                                                                            • Instruction ID: ef925cab65cc364869a6ab420cf5821418e7296a437b3b17683c607dffb0c5c6
                                                                                                            • Opcode Fuzzy Hash: 816d9688d56daf77087946367a7c97670d73c8969cbeaa177bf49c62c15062d2
                                                                                                            • Instruction Fuzzy Hash: 76C17F74618A498FE799EB38C494AB573E1FF4A304F6105FBD45ACB2E2CF25A885C710
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a6fab6734122a51355cf2171ac82735877bc18ee4a205f9c71565420b489c66d
                                                                                                            • Instruction ID: 26d1140f852f31cad85558e5af6f71946f3c0f6fe8c31f856d38e197c4720144
                                                                                                            • Opcode Fuzzy Hash: a6fab6734122a51355cf2171ac82735877bc18ee4a205f9c71565420b489c66d
                                                                                                            • Instruction Fuzzy Hash: EE817DB6A086464FE354AB7CD89AAA17BE1EF46314F1491FAD09EC71D3DD3868038740
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: x6}2$Z}2
                                                                                                            • API String ID: 0-512606368
                                                                                                            • Opcode ID: ee0a33941a9dea108515bb2375c2fda59d8dbbc1820e2c9e37fa44a1e71cebb7
                                                                                                            • Instruction ID: 77413745198dd220568fd398cf87340090d313ce7718925f22a45aca34d2e46c
                                                                                                            • Opcode Fuzzy Hash: ee0a33941a9dea108515bb2375c2fda59d8dbbc1820e2c9e37fa44a1e71cebb7
                                                                                                            • Instruction Fuzzy Hash: A541022960D2E94FE316E77CA8614FA3FA0DF472A431905FBD0CACE0D3E915654AC7A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8[}2$@[}2
                                                                                                            • API String ID: 0-576440362
                                                                                                            • Opcode ID: cd59a5366acb485d60701297fa93bdf4ed87d4520424605d1b7f70290fb03840
                                                                                                            • Instruction ID: 91d3b85c72cd4c68f56b5dcb0034680350b286a565f349db6ea92f846dba547f
                                                                                                            • Opcode Fuzzy Hash: cd59a5366acb485d60701297fa93bdf4ed87d4520424605d1b7f70290fb03840
                                                                                                            • Instruction Fuzzy Hash: EA3124A590DA8A4FE752E77888201B57BA0EF87710B2900FBC09CCB0D7DA196909C752
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 87}2$@7}2
                                                                                                            • API String ID: 0-3838988186
                                                                                                            • Opcode ID: 4c2ce853d3d8e0ff7237b70c6ce8cc5b01877189f0b60489e587144b8d2c83a7
                                                                                                            • Instruction ID: 7bb05d301b892a675c559f533bfecaf83094034e1b5bb73116a960b4af68afc9
                                                                                                            • Opcode Fuzzy Hash: 4c2ce853d3d8e0ff7237b70c6ce8cc5b01877189f0b60489e587144b8d2c83a7
                                                                                                            • Instruction Fuzzy Hash: 0D21067160CE894FD795EB6CC494AA2B7F1EF5A30071A01E7D089CB297DA24EC46C791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: AS_L$C'
                                                                                                            • API String ID: 0-384830000
                                                                                                            • Opcode ID: 033935dfef4a0b14667634e404537dc9ba1a2b551006331fd38698118e466cd3
                                                                                                            • Instruction ID: e08b053d7f2aa68f8b86e62e5ee35b57edd6a053beda287651125fc40e996ae0
                                                                                                            • Opcode Fuzzy Hash: 033935dfef4a0b14667634e404537dc9ba1a2b551006331fd38698118e466cd3
                                                                                                            • Instruction Fuzzy Hash: FFF0A772B0CE150B931CAA6CB4450B873D1EB99720754167FE05EC7687DE35B8838785
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "rU
                                                                                                            • API String ID: 0-3534086049
                                                                                                            • Opcode ID: 5daeec070aa450ae6d34f16f4f290e1ae85e7de75701e96d54053b4b7958e259
                                                                                                            • Instruction ID: 0bbcff006a7d74e3aec19b8e79f0845474dc5a0244dce723148fb7b9124e1d7b
                                                                                                            • Opcode Fuzzy Hash: 5daeec070aa450ae6d34f16f4f290e1ae85e7de75701e96d54053b4b7958e259
                                                                                                            • Instruction Fuzzy Hash: 35E15B74A189198FDB94FB78C498A7977E2FF5A700B6404B9E05EC76E2DE24EC41CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "rU
                                                                                                            • API String ID: 0-3534086049
                                                                                                            • Opcode ID: 478bcef620d53ff46512101e2c84f8edef6776cf7aaa7d2d5bd485d344943ab7
                                                                                                            • Instruction ID: 010881b3bdc6da4397276fde21865d05be06cc9554981baa6c68934adb537026
                                                                                                            • Opcode Fuzzy Hash: 478bcef620d53ff46512101e2c84f8edef6776cf7aaa7d2d5bd485d344943ab7
                                                                                                            • Instruction Fuzzy Hash: 5AB1F5746189098FDB94FB38C098B6977E2FF6D304B5505B8E09ECB6A2DA25EC41CB00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: '
                                                                                                            • API String ID: 0-3744524632
                                                                                                            • Opcode ID: 473bc8f8ba378a5a241bb1004309dbcaaebc0348068f454c9603ef70fa0434eb
                                                                                                            • Instruction ID: af1ef8798c22e67db1998ea9530c3a6cc8aac2e4d5bced47795a5138a682d52a
                                                                                                            • Opcode Fuzzy Hash: 473bc8f8ba378a5a241bb1004309dbcaaebc0348068f454c9603ef70fa0434eb
                                                                                                            • Instruction Fuzzy Hash: D6914766A0CA954FE319FABC94A55F93BD1EF96324B1801FFD08DC71C7EC1868068391
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: d
                                                                                                            • API String ID: 0-2564639436
                                                                                                            • Opcode ID: dbc468b9ae780416eb1ef1899757a456c8643c742a3523829024afb501e5ff9e
                                                                                                            • Instruction ID: ff31dbfc3b5210a55cdada20ed24aa7c8163cc19a7c27fd42b9d53edf7ea77c7
                                                                                                            • Opcode Fuzzy Hash: dbc468b9ae780416eb1ef1899757a456c8643c742a3523829024afb501e5ff9e
                                                                                                            • Instruction Fuzzy Hash: DE6124B0A18B094FD369EB68C486979B7E0FF56304B2405BDC5AFC7592DE25F8538780
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0fU
                                                                                                            • API String ID: 0-3205344469
                                                                                                            • Opcode ID: fbd8bf87d012b2a028acac6a3b664e4107d6d05867fa36346c64668470e8e4ad
                                                                                                            • Instruction ID: 1ae0a583a4c385d97b8f42e5e3ce5f070931de5106c723006b527c16205ecf66
                                                                                                            • Opcode Fuzzy Hash: fbd8bf87d012b2a028acac6a3b664e4107d6d05867fa36346c64668470e8e4ad
                                                                                                            • Instruction Fuzzy Hash: F051C131A1894DCFDB95EB78D454ABA77E1EF4A344B2400BBC40DCB2A5DE22EC45C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: H7}2
                                                                                                            • API String ID: 0-210111200
                                                                                                            • Opcode ID: 7f00f7fe203bdf9c9c4596a74ee6f9cd21902a60093555bd91ef36584a34fbf8
                                                                                                            • Instruction ID: 931ad4ac43edf579b7fe268d689bec06a3104980fd777e05e4e6bc2d50486b17
                                                                                                            • Opcode Fuzzy Hash: 7f00f7fe203bdf9c9c4596a74ee6f9cd21902a60093555bd91ef36584a34fbf8
                                                                                                            • Instruction Fuzzy Hash: 23213652B1CAA90FF798B27DAC5A1B937C1DF8622075810FBE44DC62C3EC1AB8424291
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0:}2
                                                                                                            • API String ID: 0-2866090432
                                                                                                            • Opcode ID: 6116f68c69d6a1b4312aefc7779ab0052122ca65de686235e222a997cfb7e39b
                                                                                                            • Instruction ID: ea0976423a1532506dfafe1fadf584e9f11bc28c1c831d9a4cd031ba8b109957
                                                                                                            • Opcode Fuzzy Hash: 6116f68c69d6a1b4312aefc7779ab0052122ca65de686235e222a997cfb7e39b
                                                                                                            • Instruction Fuzzy Hash: AB315AA260D9894FE788F37CC454A79A7D2EF86740B1801FAD09ECB1D2DE14AC058700
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: '
                                                                                                            • API String ID: 0-3744524632
                                                                                                            • Opcode ID: 4af8390d1cd305447baae974efa4215bd1047522a89906dec7ed106244927a19
                                                                                                            • Instruction ID: 20dd91a7a3109dc42277acf4cf96ceeb199592bd41583acf12f1740bac06df0c
                                                                                                            • Opcode Fuzzy Hash: 4af8390d1cd305447baae974efa4215bd1047522a89906dec7ed106244927a19
                                                                                                            • Instruction Fuzzy Hash: 4B0180A9B08A064BE75976FE94D93B851C2EB9A300F6420BED46DC73D7CC2CDC468251
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8[}2
                                                                                                            • API String ID: 0-645175352
                                                                                                            • Opcode ID: 7d9038f43fc9c03838eb66d2ba9f007643b7ee254e1805744e8470f702648750
                                                                                                            • Instruction ID: 87728cd916605f77c38f30f698b050ec18a1c6a4f8942fd512a4581d4521e976
                                                                                                            • Opcode Fuzzy Hash: 7d9038f43fc9c03838eb66d2ba9f007643b7ee254e1805744e8470f702648750
                                                                                                            • Instruction Fuzzy Hash: 2A113B7290D6895FE7119BB8DC691ED3FB0DF42254F1500F7D098CB093E924295EC3A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 8[}2
                                                                                                            • API String ID: 0-645175352
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: x7}2
                                                                                                            • API String ID: 0-4239258177
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: '
                                                                                                            • API String ID: 0-3744524632
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5eae81f7f7b54d7cfd34e9ed67cdca9eedba26fa506e773a51afe17a67f15e00
                                                                                                            • Instruction ID: 1b13c2e514618455c9a84a4a0235f72164dd40ef1965d591b616af03cd718f41
                                                                                                            • Opcode Fuzzy Hash: 5eae81f7f7b54d7cfd34e9ed67cdca9eedba26fa506e773a51afe17a67f15e00
                                                                                                            • Instruction Fuzzy Hash: 2721F5A6B0CA064BD758F57C88965B837D2EF96620B2401BFD05AC71D7DE24A8078284
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ddbbd400c4582ea4cde19035f2d8f658db6e4ef73913cd5d0c21994ef567f892
                                                                                                            • Instruction ID: c73a9aaadfd488095f2a636f9133ba7539026f3fcda9830cd5b3d1e6843d8409
                                                                                                            • Opcode Fuzzy Hash: ddbbd400c4582ea4cde19035f2d8f658db6e4ef73913cd5d0c21994ef567f892
                                                                                                            • Instruction Fuzzy Hash: C011592690C98A0FE316A77898169A03FF1EF87350F6941FAD05DC71C3ED18A90A8391
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 07201547b9fbeed39fc08a2a8d7373c9c243c17a03b6a2cfebafb9179d130c0b
                                                                                                            • Instruction ID: 578f6b21360def8abf1a5f351f1228c66ac7fe19ec4e77a72675279a4bd2e5ec
                                                                                                            • Opcode Fuzzy Hash: 07201547b9fbeed39fc08a2a8d7373c9c243c17a03b6a2cfebafb9179d130c0b
                                                                                                            • Instruction Fuzzy Hash: 58213872A0CE484FE784EA7CC895461BBD1EFD9314B1906AAE09CC72A2CB20E846C341
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0ebf8effff49d6d504780f86004a625d3020f9c023cd8e0954b780e0491b6c8a
                                                                                                            • Instruction ID: 980d51f3720df8beb80876851af8ca2a08b2d3e2332e696222a54234f1f605ca
                                                                                                            • Opcode Fuzzy Hash: 0ebf8effff49d6d504780f86004a625d3020f9c023cd8e0954b780e0491b6c8a
                                                                                                            • Instruction Fuzzy Hash: 34215EA6B08D0D4FE794FA7C8499BB977D2EF98710B1441B9D09FC7296DE28A806C740
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d4694f7b4a04ec77697e669ada6a6dfa47ddbdc4bb2866f487005d63e7dd344
                                                                                                            • Instruction ID: 258beb8049ca5479cac67093052d19fef2d3f7e7f0b5fc7dc9611782786c5472
                                                                                                            • Opcode Fuzzy Hash: 3d4694f7b4a04ec77697e669ada6a6dfa47ddbdc4bb2866f487005d63e7dd344
                                                                                                            • Instruction Fuzzy Hash: 5B11E45660CE890FEBC9A67C94556B537E1EF9A31471801FAD44DC71D7DD28A9028380
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d812e667c19da9f2b1b39e6a79c35765992b8d1f883ef5893fe3bfcd24e0df26
                                                                                                            • Instruction ID: b5e2972e388cea945ebb94218303f88dfdea425e69ca81cb9e5c9e5562d8ab60
                                                                                                            • Opcode Fuzzy Hash: d812e667c19da9f2b1b39e6a79c35765992b8d1f883ef5893fe3bfcd24e0df26
                                                                                                            • Instruction Fuzzy Hash: F2116151B2DB881FC795AABC6C566693FE6DBCEA2071402FFA04DC3397D8149C0983D2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2e6b3676ab94ff92b79305d852785fb98e417e8be08d9bf2499ced83b52472f6
                                                                                                            • Instruction ID: c6e69c6381af7b7c696637af4106555e777e438679a01a8004c983dda3e3c8a4
                                                                                                            • Opcode Fuzzy Hash: 2e6b3676ab94ff92b79305d852785fb98e417e8be08d9bf2499ced83b52472f6
                                                                                                            • Instruction Fuzzy Hash: 78114C92E0DE9A1FE395A2BC58D91F56BC1EF8662071902FBE09CC72C7DD185C4283C1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 56979f0e004bddc4de5ae896deb1f552af26b40ca99966a3a8f209ca95c6118c
                                                                                                            • Instruction ID: d3d7da2cc5af17a1b90bae550be7cb9b1b04795dedd2a959afb6c02ab53058df
                                                                                                            • Opcode Fuzzy Hash: 56979f0e004bddc4de5ae896deb1f552af26b40ca99966a3a8f209ca95c6118c
                                                                                                            • Instruction Fuzzy Hash: 5C11C675908D1E4FDBA8FA68C855AB977E1FF5A710F1401BBD05EC31C5CE15A804C780
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 12c3f3f6b3d662c8fd28bc9bca59d254dbf55c3298a2d858ada35c2189d1fc31
                                                                                                            • Instruction ID: d36065803269a06d41d3d65159a3eb2efa6852640bc7033830875f8757bac812
                                                                                                            • Opcode Fuzzy Hash: 12c3f3f6b3d662c8fd28bc9bca59d254dbf55c3298a2d858ada35c2189d1fc31
                                                                                                            • Instruction Fuzzy Hash: A411E552648D4D0FEBD8F66D9459AB533D1EF9935472401FAD40EC32DBDD29AC428380
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f3e09c8c21af146aaab48d7e530f9b88acefde4190daed93585c4a097a3af7f0
                                                                                                            • Instruction ID: 3146c475c21b63a28149f71b03982f6659e1851aa7f7458608f87314f11f2a25
                                                                                                            • Opcode Fuzzy Hash: f3e09c8c21af146aaab48d7e530f9b88acefde4190daed93585c4a097a3af7f0
                                                                                                            • Instruction Fuzzy Hash: F5113636E089458FE794EABD94946B863C1EF58364F1801BDD45DC32E6DD18AD82CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 962dc928747424e4ae9ff7a1a26a245221fb9237960286c40c5395da5f271277
                                                                                                            • Instruction ID: 2183f0402cc0e6074dcfebd6efd5883eac02d8999c91988070fc8cddad5e7733
                                                                                                            • Opcode Fuzzy Hash: 962dc928747424e4ae9ff7a1a26a245221fb9237960286c40c5395da5f271277
                                                                                                            • Instruction Fuzzy Hash: C111737560CA4A4FDB88FF6CD4412A973D2FF8A311B5065B5E05DC32C6CE34A8518780
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee80f8dd83a5ab0b494f5698d7778b122ddc1a75432875c046bbb189138a1273
                                                                                                            • Instruction ID: ad993d1819d096ee3a3846ca1d7cd58238818986480ffec6fd4cf1e412998f1d
                                                                                                            • Opcode Fuzzy Hash: ee80f8dd83a5ab0b494f5698d7778b122ddc1a75432875c046bbb189138a1273
                                                                                                            • Instruction Fuzzy Hash: 1B112CEA90F6C20FF719E278AC510B5BFA0EF53254F1C10FBC498964D3DB19E9069266
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: adb84cf13eabfa111afe4dbe84a4176eebe404cceb4dad146de9f1c4a0d7ffc4
                                                                                                            • Instruction ID: ea5663579626939d5f05e48696d7b8950839e8eb3afb19fd542d9580173c6335
                                                                                                            • Opcode Fuzzy Hash: adb84cf13eabfa111afe4dbe84a4176eebe404cceb4dad146de9f1c4a0d7ffc4
                                                                                                            • Instruction Fuzzy Hash: D4018424509A894FE38AA778D4597B177D2EF86315F1800F9D459C72D3D92A5842C351
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9d224b19fdda611720b71d7176e98d6ded8dcce1b1418605db8b6326e572cb9a
                                                                                                            • Instruction ID: e43b1f6836ec9903ac38eb18628561cbe00f1cacc464c8e9944ed43d0eb93b48
                                                                                                            • Opcode Fuzzy Hash: 9d224b19fdda611720b71d7176e98d6ded8dcce1b1418605db8b6326e572cb9a
                                                                                                            • Instruction Fuzzy Hash: 1B01F9B6A1CE081BE784E57CDCC58657BD1EFDD754B1402FEE45CC72A1CE20A8418681
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bcf2239fbedf81d956052bb56ce0a5dbc6e31b69c3ce89f8c4634ae5f0baa773
                                                                                                            • Instruction ID: e1a35d90699eb54b28c1505619f8ffe62a37c0c26c9156d79c2d7ca0a3bfeeb1
                                                                                                            • Opcode Fuzzy Hash: bcf2239fbedf81d956052bb56ce0a5dbc6e31b69c3ce89f8c4634ae5f0baa773
                                                                                                            • Instruction Fuzzy Hash: 16113C6490EBC54FD357A77888646547FF1AF1B300B1E45E7C0D8CB1E3DA5868098352
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cf0a99e9dac9ac5ee319e296b471d1faf67ddbed2c06abc6f7d4eff84541fded
                                                                                                            • Instruction ID: c5b8fd6982327c89bcd082cd26c88c846bd0f26aba44a12298b1dbbf5c8d6e59
                                                                                                            • Opcode Fuzzy Hash: cf0a99e9dac9ac5ee319e296b471d1faf67ddbed2c06abc6f7d4eff84541fded
                                                                                                            • Instruction Fuzzy Hash: 5101F2E7A0DA8B4FE7D1E2B884690B92BE1EF9675271800F6D45AC71C3ED085D039202
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 33efe7474bac0dc5c3fe1b47c85693c603f63fa3f8bfd30e175fa28ec0032e45
                                                                                                            • Instruction ID: 55727a88d8290766ab6a0ae0a4fbf522c04967f03dee89bfd9510fafb85ca9de
                                                                                                            • Opcode Fuzzy Hash: 33efe7474bac0dc5c3fe1b47c85693c603f63fa3f8bfd30e175fa28ec0032e45
                                                                                                            • Instruction Fuzzy Hash: 11F0BEA2B1DD0A0BABB862FD7CA957622C1DBA9661B2412BBE40DC32D4EC059C4442C0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3833e19e8bb95cbfec5a22e955dc9516d179ba808238e1eeb137fd3844f8747d
                                                                                                            • Instruction ID: 16bf7959f372a6bd6b19c5ae9d91925410f812f753982f5eb2565cb572acb016
                                                                                                            • Opcode Fuzzy Hash: 3833e19e8bb95cbfec5a22e955dc9516d179ba808238e1eeb137fd3844f8747d
                                                                                                            • Instruction Fuzzy Hash: 15F02256B18D5F0BE7C8B6BC40A023851C2EF892217A860FAD00DC32D7EC28CC419341
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f80b97562d4f52de7d55b8d7739577a0f660edf9a56e34c98e638b8a5f6f5a6a
                                                                                                            • Instruction ID: 0d2c86628492dd29276807feb34d15df2a822d57047067a98e1f55f1f260acb3
                                                                                                            • Opcode Fuzzy Hash: f80b97562d4f52de7d55b8d7739577a0f660edf9a56e34c98e638b8a5f6f5a6a
                                                                                                            • Instruction Fuzzy Hash: 77F0E561B1EE8F0FE7B8A3BD6CA917426C0EB69321B6812FBD408C22D2ED59DC414340
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dab006368c047beab71e50470020684fb5e97128daed7c4b4a3eba635634607b
                                                                                                            • Instruction ID: 9c82aef6cd6d3c6004f78f26912f9a9c634f5f2cf8c68daf035c00ae2b6d0dae
                                                                                                            • Opcode Fuzzy Hash: dab006368c047beab71e50470020684fb5e97128daed7c4b4a3eba635634607b
                                                                                                            • Instruction Fuzzy Hash: 0AE09B11B1D81617F764B1FE7CC96B652C5D79D271B1402BBE81CC32C2DC49DC854294
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3735ebb8b4926e3843874939b7440ad6c9d76af0d44b1a9e1422b86e4baf18e8
                                                                                                            • Instruction ID: 53cc9444e65c9268da7f330ddfe2852b1e314ab3e3f9819a76739c82c04f95cb
                                                                                                            • Opcode Fuzzy Hash: 3735ebb8b4926e3843874939b7440ad6c9d76af0d44b1a9e1422b86e4baf18e8
                                                                                                            • Instruction Fuzzy Hash: 0EF0E955D0D3D19FEB16E6B888143757BA19F87300F1981FBD098CB1D3DB6859088382
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 463d1a735087933c3e2a06f298827e063fb71a60e3a1d183a1d83486117f771b
                                                                                                            • Instruction ID: 2a41bbbed495130532df96d9def2766b2fbdc56f04d61a0e5faf9fa1d478eab2
                                                                                                            • Opcode Fuzzy Hash: 463d1a735087933c3e2a06f298827e063fb71a60e3a1d183a1d83486117f771b
                                                                                                            • Instruction Fuzzy Hash: 74F027E7A0994A0FD745B2B99C551786381EF81760B1454FAD059CB6C6CD199C868740
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d294f4dff347ce570f8b76289b944b2a1a0f8f28428ba8ca7f7707d6f778d28d
                                                                                                            • Instruction ID: 698a9563f4ce8d0cc70ae86047dc2aa3abcaa9289dfe2de267e5a6457ffaa487
                                                                                                            • Opcode Fuzzy Hash: d294f4dff347ce570f8b76289b944b2a1a0f8f28428ba8ca7f7707d6f778d28d
                                                                                                            • Instruction Fuzzy Hash: 57F03995A1EAC61FE762F2B948941342BE59B5A25171901FBD498C31D3DD48AC088362
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8cdeb85b6583ac4623e7428e84a0c6a18293083574355e58ac7768738320ef1e
                                                                                                            • Instruction ID: c6245fca6aba9d82172101ddf9339d8b62480d9344e0cfe24272931afa1c7865
                                                                                                            • Opcode Fuzzy Hash: 8cdeb85b6583ac4623e7428e84a0c6a18293083574355e58ac7768738320ef1e
                                                                                                            • Instruction Fuzzy Hash: F2E0C232A04A0E8FC30AD769D8111B577A5EF8A39031840B7C01DC71D2DA247958C760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: afffb44e1441b6d1b166bc2c576e4d70422bf12ce14ea1f2d1f8ed6392cbbd70
                                                                                                            • Instruction ID: 44fdfe1279db722c2fec256ff560922e197e0e29e2f210d7956c02fffde3f1cd
                                                                                                            • Opcode Fuzzy Hash: afffb44e1441b6d1b166bc2c576e4d70422bf12ce14ea1f2d1f8ed6392cbbd70
                                                                                                            • Instruction Fuzzy Hash: 82C022B080282003833830BA080C82328A8CACA322B2082B8F02CC32A2CE308802C3E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: _)U$8[)U$H^)U$U$h_)U$p])U
                                                                                                            • API String ID: 0-417046479
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: S_^$S_^$S_^$S_^$S_{
                                                                                                            • API String ID: 0-2303693862
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.1920363905.00007FFBF7250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBF7250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_7ffbf7250000_ssUpdate.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (8}2$H8}2$P8}2$X8}2
                                                                                                            • API String ID: 0-2465000007
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%