Windows Analysis Report
TA.exe

Overview

General Information

Sample Name: TA.exe
Analysis ID: 1347278
MD5: c11a8a38c5e29be8c6419d493dd2cbe4
SHA1: 952636f0d3a3620bbebc5c726d7a99788c0bbc4a
SHA256: e2dd1c63b8a995b7616586157b8cecd43a460afccf052929cf852998b1ab4d3b

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Machine Learning detection for sample
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Potential key logger detected (key state polling based)
Found potential string decryption / allocating functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

[Classification chart legend: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious]
  • System is w10x64
  • TA.exe (PID: 4176 cmdline: C:\Users\user\Desktop\TA.exe MD5: C11A8A38C5E29BE8C6419D493DD2CBE4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: TA.exe | Avira: detected
Source: TA.exe | ReversingLabs: Detection: 48%
Source: TA.exe | Virustotal: Detection: 58%
Source: https://user.jl.gov.cn/v1/apigw/app/user/naturalperson/sendsmscode?_t=1593091393018&signkey=loginjsa | Avira URL Cloud: Label: phishing
Source: http://dopzuul.dd2007.cn/shangji/officeWebInterface/getYzmByMobile.dd?mobile= | Avira URL Cloud: Label: phishing
Source: http://dopzuul.dd2007.cn/shangji/officeWebInterface/getYzmByMobile.dd?mobile=Accept: | Avira URL Cloud: Label: phishing
Source: TA.exe | Joe Sandbox ML: detected
Source: TA.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004D6C02 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,0_2_004D6C02
Source: TA.exe | String found in binary or memory: http://172.31.122.69:8080;
Source: TA.exe | String found in binary or memory: http://180.153.49.70:18080/ckdhd/sendShortMessage.action
Source: TA.exe | String found in binary or memory: http://2018k.cn/api
Source: TA.exe | String found in binary or memory: http://2018k.cn/api/
Source: TA.exe | String found in binary or memory: http://2018k.cn/api/checkVersion?id=
Source: TA.exe | String found in binary or memory: http://2018k.cn/api/checkVersion?id=remarknoticevisit&data=remark
Source: TA.exe | String found in binary or memory: http://8087.ij120.zoenet.cn/user/getValidateCode
Source: TA.exe | String found in binary or memory: http://account.9aoduo.com
Source: TA.exe | String found in binary or memory: http://account.9aoduo.com/pwdprotect/bindMobile.action?duoduoId=481137208&gId=0
Source: TA.exe | String found in binary or memory: http://account.9aoduo.com/pwdprotect/getBindMobileVerifyCode.action
Source: TA.exe | String found in binary or memory: http://account.9aoduo.com/pwdprotect/getBindMobileVerifyCode.actionhttp://www.rudder.com.cn/Ajax/Sen
Source: TA.exe | String found in binary or memory: http://api.deiyoudian.com/api/user/seller/v1/user/sendcode
Source: TA.exe | String found in binary or memory: http://api.deiyoudian.com/api/user/seller/v1/user/sendcode&areacode=&sign=89CE7E3C87E592624DBE64C51F
Source: TA.exe | String found in binary or memory: http://api.juejinchain.com/v1/passport/smscode?mobile=
Source: TA.exe | String found in binary or memory: http://api.kingdee.com/passport/account/phone/vcode
Source: TA.exe | String found in binary or memory: http://api.kingdee.com/passport/account/phone/vcode&type=5&nation=CN&from_domain=yjs_h5&verifycode=&
Source: TA.exe | String found in binary or memory: http://api.passport.pptv.com/snsms/sendcode?_source=ppsports&apptype=android&appversion=1.0.7.1&devi
Source: TA.exe | String found in binary or memory: http://api.qingmang.me/v1/account.sendVerification?token=&phone=%2B86
Source: TA.exe | String found in binary or memory: http://api.shareinstall.com.cn/login/sendmessage
Source: TA.exe | String found in binary or memory: http://api.shareinstall.com.cn/login/sendmessage&vcode=010101&msgtype=5&time=2020-07-13&m1=21c0ababd
Source: TA.exe | String found in binary or memory: http://apimain.gooddr.com/welcome/get_invitation_code
Source: TA.exe | String found in binary or memory: http://app.51ljb.cn/api/v2/user/sendCode
Source: TA.exe | String found in binary or memory: http://app.51ljb.cn/api/v2/user/sendCodetokenId=10&token=d4c4865da8f81beabb65c9d6bf80a817&random=336
Source: TA.exe | String found in binary or memory: http://app.ftutj.cn/web/api.php?s=/Login/sendMobileCode
Source: TA.exe | String found in binary or memory: http://appi.yizhuangw.cn/rest/v1/user/register/securityCode?mobile=
Source: TA.exe | String found in binary or memory: http://b2b.haier.com
Source: TA.exe | String found in binary or memory: http://b2b.haier.com/
Source: TA.exe | String found in binary or memory: http://b2b.haier.com/shop/api/mobiles/register/getMobileValidateCodeByMobiles
Source: TA.exe | String found in binary or memory: http://b2b.haier.com/shop/api/mobiles/register/getMobileValidateCodeByMobileshttps://diantoushi.com/
Source: TA.exe | String found in binary or memory: http://case.100.com/captcha?source=57&mobile=
Source: TA.exe | String found in binary or memory: http://case.100.com/captcha?source=57&mobile=Host:
Source: TA.exe | String found in binary or memory: http://dopzuul.dd2007.cn/shangji/officeWebInterface/getYzmByMobile.dd?mobile=
Source: TA.exe | String found in binary or memory: http://dopzuul.dd2007.cn/shangji/officeWebInterface/getYzmByMobile.dd?mobile=Accept:
Source: TA.exe | String found in binary or memory: http://e.huanduguihua.com
Source: TA.exe | String found in binary or memory: http://e.huanduguihua.com/account.do?action=getRegisterMobileVerificationCode
Source: TA.exe | String found in binary or memory: http://e.huanduguihua.com/account.do?action=getRegisterMobileVerificationCodehttps://vip.meishubao.c
Source: TA.exe | String found in binary or memory: http://e.huanduguihua.com/registerRedirect.do?action=toRegister&fromurl=http://e.huanduguihua.com/ac
Source: TA.exe | String found in binary or memory: http://fmall.feihuo.com/login/smsCode
Source: TA.exe | String found in binary or memory: http://food.funtoygame.com/index.php/RegisterPresent/getCode
Source: TA.exe | String found in binary or memory: http://gj.liansuosoft.com/ShopRegister/SendSms?mobile=
Source: TA.exe | String found in binary or memory: http://gold800.com
Source: TA.exe | String found in binary or memory: http://gold800.com/home/backinterface/sendVerifycode
Source: TA.exe | String found in binary or memory: http://gold800.com/home/index/registerAccount
Source: TA.exe | String found in binary or memory: http://hall.gameabc.com/lobby/sendRegisterCode
Source: TA.exe | String found in binary or memory: http://homelegal.cn
Source: TA.exe | String found in binary or memory: http://homelegal.cn/mobile/
Source: TA.exe | String found in binary or memory: http://id.ifeng.com/api/simplesendmsg?mobile=
Source: TA.exe | String found in binary or memory: http://juniorapi.gzxiangqi.cn/juniorAccounts/v2/getCode/3/
Source: TA.exe | String found in binary or memory: http://juniorapi.gzxiangqi.cn/juniorAccounts/v2/getCode/3/referer:
Source: TA.exe | String found in binary or memory: http://khjc.zjjytech.com/aspx/ajax.aspx
Source: TA.exe | String found in binary or memory: http://login.lvmama.com/nsso//mobileAjax/register.do?mobileOrEMail=
Source: TA.exe | String found in binary or memory: http://login.lvmama.com/nsso//mobileAjax/register.do?mobileOrEMail=http://www.tianjin-air.com/api/us
Source: TA.exe | String found in binary or memory: http://m.138job.com
Source: TA.exe | String found in binary or memory: http://m.138job.com/Register/Register1
Source: TA.exe | String found in binary or memory: http://m.360xkw.com
Source: TA.exe | String found in binary or memory: http://m.360xkw.com/mine.html
Source: TA.exe | String found in binary or memory: http://m.360xkw.com/tiku/sms/sendSMSForH5NoLogin.do?type=1
Source: TA.exe | String found in binary or memory: http://m.360xkw.com/tiku/sms/sendSMSForH5NoLogin.do?type=1&password=147a258b&loginCode=qq&weixin_uni
Source: TA.exe | String found in binary or memory: http://m.7799520.com
Source: TA.exe | String found in binary or memory: http://m.7799520.com/api/passport/wap/register/send
Source: TA.exe | String found in binary or memory: http://m.7799520.com/api/passport/wap/register/sendhttps://www.12345fund.com/api/v1/sf_fund/send_pho
Source: TA.exe | String found in binary or memory: http://m.7799520.com/register.html
Source: TA.exe | String found in binary or memory: http://m.95303.com/User/Send_tel_identifying?tel=
Source: TA.exe | String found in binary or memory: http://m.95303.com/wx/usercenter/login?rd=http%3A%2F%2Fm.95303.com%2Fnew%2Fmain%2Fmy
Source: TA.exe | String found in binary or memory: http://m.baitongshiji.com/Center/registerSendMessage
Source: TA.exe | String found in binary or memory: http://m.changshurencai.com
Source: TA.exe | String found in binary or memory: http://m.changshurencai.com/members/reg_send_sms.htm?_=1595160819878
Source: TA.exe | String found in binary or memory: http://m.changshurencai.com/members/reg_send_sms.htm?_=1595160819878Accept:
Source: TA.exe | String found in binary or memory: http://m.changshurencai.com/members/register/utype/2.htm
Source: TA.exe | String found in binary or memory: http://m.china-ef.com/common/sendmsg/2018/ajax/ajax_msg.ashx
Source: TA.exe | String found in binary or memory: http://m.china-ef.com/trade/2431799.html
Source: TA.exe | String found in binary or memory: http://m.china-ef.com/trade/2431799.htmlaction=send&mobile=http://m.china-ef.com/common/sendmsg/2018
Source: TA.exe | String found in binary or memory: http://m.city8.com/ak/bianminfuwu/3317976_srjgsp_address
Source: TA.exe | String found in binary or memory: http://m.jinyingjie.com
Source: TA.exe | String found in binary or memory: http://m.jinyingjie.com/Api/new_sendSms.html
Source: TA.exe | String found in binary or memory: http://m.jinyingjie.com/Api/new_sendSms.html&phone_cc=86&ignore_already_registered=1client_id=108986
Source: TA.exe | String found in binary or memory: http://m.jinyingjie.com/Login/flow_login.html
Source: TA.exe | String found in binary or memory: http://m.jiwu.com/user
Source: TA.exe | String found in binary or memory: http://m.kongfz.cn
Source: TA.exe | String found in binary or memory: http://m.kongfz.cn/31236953
Source: TA.exe | String found in binary or memory: http://m.kongfz.cn/login/Mobile/Ajax/sendMobileCheckCodeByQuickBuy
Source: TA.exe | String found in binary or memory: http://m.login.httpcn.com/login/LoginCode?callbackparam=jQuery111106766551584217104_1592824186799&va
Source: TA.exe | String found in binary or memory: http://m.ls0746.ccoo.cn
Source: TA.exe | String found in binary or memory: http://m.ls0746.ccoo.cn/Sms/SendSmsCode
Source: TA.exe | String found in binary or memory: http://m.ls0746.ccoo.cn/Sms/SendSmsCode&type=1&hash=e5038cdehttps://www.znds.com/plugin.php?id=tshuz
Source: TA.exe | String found in binary or memory: http://m.ls0746.ccoo.cn/reg/phonereg.aspx
Source: TA.exe | String found in binary or memory: http://m.pinghu.ccoo.cn
Source: TA.exe | String found in binary or memory: http://m.pinghu.ccoo.cn/Sms/SendSmsCode
Source: TA.exe | String found in binary or memory: http://m.pinghu.ccoo.cn/Sms/SendSmsCode&verifyCode=&userTagInMes=&merchantId=23129&smsChannel=1187ph
Source: TA.exe | String found in binary or memory: http://m.pinghu.ccoo.cn/reg/phonereg.aspx
Source: TA.exe | String found in binary or memory: http://m.qarc.cn/account/personcheck.aspx
Source: TA.exe | String found in binary or memory: http://m.sczw.com
Source: TA.exe | String found in binary or memory: http://m.sczw.com/member_operate/register.html
Source: TA.exe | String found in binary or memory: http://m.sczw.com/verify/ajaxsendsms/cid/register.html
Source: TA.exe | String found in binary or memory: http://m.sczw.com/verify/ajaxsendsms/cid/register.htmlhttps://www.zx123.cn/member/register.php?actio
Source: TA.exe | String found in binary or memory: http://m.tk.cn/tkmobile/orderSentSmsServlet?mobile=
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com/login/getToken
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com/login/getTokenmobile=Host:
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com/login/register
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com/login/sendCodes
Source: TA.exe | String found in binary or memory: http://m.tuiyizx.com/login/sendCodeshttp://www.boloni.com/cmobile/user/getToken.html&type=PCG&remark
Source: TA.exe | String found in binary or memory: http://m.wypin.com/members/reg_send_sms.html?_=1595811939196
Source: TA.exe | String found in binary or memory: http://m.xinsinong.com/register.php
Source: TA.exe | String found in binary or memory: http://m.zhimeng.com.cn
Source: TA.exe | String found in binary or memory: http://m.zhimeng.com.cn/?/account/ajax/phone_sms/
Source: TA.exe | String found in binary or memory: http://m.zhimeng.com.cn/?/account/ajax/phone_sms/Accept:
Source: TA.exe | String found in binary or memory: http://m.zhimeng.com.cn/account/register/
Source: TA.exe | String found in binary or memory: http://mb.bosoe.cn
Source: TA.exe | String found in binary or memory: http://mb.bosoe.cn/login/?xm=hr
Source: TA.exe | String found in binary or memory: http://mb.bosoe.cn/login/sms.php
Source: TA.exe | String found in binary or memory: http://mb.bosoe.cn/login/sms.php%22
Source: TA.exe | String found in binary or memory: http://member.risfond.com/services/accountservices.ashx?action=sendregistercode
Source: TA.exe | String found in binary or memory: http://mobile.health.pingan.com/ehis-hl/ajax/sendOTP.action?smscc=ehiswxonly&phone=
Source: TA.exe | String found in binary or memory: http://mw.b2b168.com
Source: TA.exe | String found in binary or memory: http://mw.b2b168.com/Index.aspx?pg=Register&spm=637294123631529825
Source: TA.exe | String found in binary or memory: http://mw.b2b168.com/index.aspx?
Source: TA.exe | String found in binary or memory: http://mw.b2b168.com/index.aspx?Accept:
Source: TA.exe | String found in binary or memory: http://n.youyuan.com
Source: TA.exe | String found in binary or memory: http://n.youyuan.com/v20/info/auth_mobile.html?back=reg
Source: TA.exe | String found in binary or memory: http://n.youyuan.com/v20/info/send_captcha.html
Source: TA.exe | String found in binary or memory: http://n.youyuan.com/v20/info/send_captcha.html&t=dwcjAccept:
Source: TA.exe | String found in binary or memory: http://ndapi.nexttao.com/api/user/request_mobile_code
Source: TA.exe | String found in binary or memory: http://ndapi.nexttao.com/api/user/request_mobile_code&newVersion=1&bu=112https://user.daojia.com/mob
Source: TA.exe | String found in binary or memory: http://open.7723.com/user/developer_user/send_veri.html
Source: TA.exe | String found in binary or memory: http://panel.deiyoudian.com
Source: TA.exe | String found in binary or memory: http://panel.deiyoudian.com/
Source: TA.exe | String found in binary or memory: http://ptlogin.4399.com/ptlogin/sendPhoneLoginCode.do?phone=
Source: TA.exe | String found in binary or memory: http://reg.360hitao.com/ashx/reg.ashx
Source: TA.exe | String found in binary or memory: http://reg.wx.suctan.com
Source: TA.exe | String found in binary or memory: http://reg.wx.suctan.com/
Source: TA.exe | String found in binary or memory: http://reg.wx.suctan.com/handle/verifyCode
Source: TA.exe | String found in binary or memory: http://reg.wx.suctan.com/handle/verifyCode&country_code=86https://work.weixin.qq.com/wework_admin/re
Source: TA.exe | String found in binary or memory: http://six.sjk99.cn/index/index/yzm.html
Source: TA.exe | String found in binary or memory: http://six.sjk99.cn/index/index/yzm.htmlhttps://i.gtja.com/m/semLdAction.do?method=sendMessageCodeSp
Source: TA.exe | String found in binary or memory: http://sns.xgtt.cn/index.php?app=w3g&mod=Public&act=sendReigterCode
Source: TA.exe | String found in binary or memory: http://srmemberapp.srgow.com/sys/captcha/
Source: TA.exe | String found in binary or memory: http://srmemberapp.srgow.com/sys/captcha/Host:
Source: TA.exe | String found in binary or memory: http://static.ymm56.com
Source: TA.exe | String found in binary or memory: http://static.ymm56.com/ymm-outdoor/pc-register?role=DRIVER&source=SEO-nav-top
Source: TA.exe | String found in binary or memory: http://svip.qzd06.cn
Source: TA.exe | String found in binary or memory: http://svip.qzd06.cn/?jh=1-Z%5B%E3%80%90jiace%E3%80%91shici&dy=qita&gjc=%E6%8A%95%E8%B5%84%E7%90%86%
Source: TA.exe | String found in binary or memory: http://svip.qzd06.cn/sms2/send6
Source: TA.exe | String found in binary or memory: http://svip.qzd06.cn/sms2/send6Accept:
Source: TA.exe | String found in binary or memory: http://ts.hcemiao8.com
Source: TA.exe | String found in binary or memory: http://ts.hcemiao8.com/wap/?bd_vid=11238475573185923302
Source: TA.exe | String found in binary or memory: http://ucenter.zycg.gov.cn/seller/seller/system/registration/mobile_code?key=%7B%22mobile_num%22:%22
Source: TA.exe | String found in binary or memory: http://ucenter.zycg.gov.cn/seller/seller/system/registration/step1
Source: TA.exe | String found in binary or memory: http://user-api.qianlima.com/api/user/register/mobile/code
Source: TA.exe | String found in binary or memory: http://user-api.qianlima.com/api/user/register/mobile/code15123456735&country=86&lang=zh-CN&_=159246
Source: TA.exe | String found in binary or memory: http://user.360haoyao.com
Source: TA.exe | String found in binary or memory: http://user.360haoyao.com/member/authPhone.action
Source: TA.exe | String found in binary or memory: http://user.360haoyao.com/member/phoneAuthCode.action
Source: TA.exe | String found in binary or memory: http://user.360haoyao.com/member/phoneAuthCode.action&smscode=&checkcode=&event_submit_do_login=subm
Source: TA.exe | String found in binary or memory: http://user.jietusoft.com
Source: TA.exe | String found in binary or memory: http://user.jietusoft.com/ajax/sendsms.html
Source: TA.exe | String found in binary or memory: http://user.jietusoft.com/ajax/sendsms.htmlaction=bcc775dd71cb43c73288bdd996d10c2b&value=Accept:
Source: TA.exe | String found in binary or memory: http://user.jietusoft.com/signup.html
Source: TA.exe | String found in binary or memory: http://user.jingxi.net
Source: TA.exe | String found in binary or memory: http://user.jingxi.net/index-htm-item-register-action-reg-t-mobile.html
Source: TA.exe | String found in binary or memory: http://user.jingxi.net/index.php?nowtime=1599367655771
Source: TA.exe | String found in binary or memory: http://user.jingxi.net/index.php?nowtime=1599367655771dx_templateid=SMS_71805298&dx_phone888=Host:
Source: TA.exe | String found in binary or memory: http://user.yanyue.cn
Source: TA.exe | String found in binary or memory: http://user.yanyue.cn/index.php?m=api&a=rq&s=/tensec/makeseccode
Source: TA.exe | String found in binary or memory: http://user.yanyue.cn/index.php?m=api&a=rq&s=/tensec/makeseccode&_input_charset=utf-8&ctoken=-32e8l8
Source: TA.exe | String found in binary or memory: http://user.yanyue.cn/index.php?m=yyuser&a=bindphone
Source: TA.exe | String found in binary or memory: http://uss.lenovomm.com/accounts/1.4/sendVerifyCode?msisdn=
Source: TA.exe | String found in binary or memory: http://v.aimsen.com
Source: TA.exe | String found in binary or memory: http://v.aimsen.com/api/user/sendmobilecheckcode
Source: TA.exe | String found in binary or memory: http://v.aimsen.com/api/user/sendmobilecheckcodehttp://member.risfond.com/services/accountservices.a
Source: TA.exe | String found in binary or memory: http://v.aimsen.com/resumeLogin
Source: TA.exe | String found in binary or memory: http://walk-prod.bohanyuedong.com/api/message/sendV2?phone=
Source: TA.exe | String found in binary or memory: http://wap.qianlima.com
Source: TA.exe | String found in binary or memory: http://wap.qianlima.com/register.jsp
Source: TA.exe | String found in binary or memory: http://wap.xzhichang.com
Source: TA.exe | String found in binary or memory: http://wap.xzhichang.com/templatecs/Handle/RegisterHandle.ashx
Source: TA.exe | String found in binary or memory: http://wap.xzhichang.com/templatecs/Handle/RegisterHandle.ashx&from=1&bkn=1267578444&r=0.72113659601
Source: TA.exe | String found in binary or memory: http://wap.xzhichang.com/userlogin/register
Source: TA.exe | String found in binary or memory: http://wenxuan.pospal.cn
Source: TA.exe | String found in binary or memory: http://wenxuan.pospal.cn/m/accountv4
Source: TA.exe | String found in binary or memory: http://wenxuan.pospal.cn/wxapi/customeraccount/SendSecurityCodeCode
Source: TA.exe | String found in binary or memory: http://wenxuan.pospal.cn/wxapi/customeraccount/SendSecurityCodeCodehttp://xyhn.hainan.gov.cn/CreditH
Source: TA.exe | String found in binary or memory: http://www.01teacher.com/u/account/sendcode
Source: TA.exe | String found in binary or memory: http://www.138job.com//Register/SendMobile?mobile627abc=
Source: TA.exe | String found in binary or memory: http://www.24om.com/webSrv/getData.asmx/getSmsCode?callback=handleResponse&mobileNO=
Source: TA.exe | String found in binary or memory: http://www.360doc.com/login.aspx?reurl=http://www.360doc.com/content/18/0109/00/1768535_720366407.sh
Source: TA.exe | String found in binary or memory: http://www.751314.com
Source: TA.exe | String found in binary or memory: http://www.751314.com/751314/reg_8.php
Source: TA.exe | String found in binary or memory: http://www.751314.com/api_alidayu/send_msg1.php
Source: TA.exe | String found in binary or memory: http://www.admen.cn
Source: TA.exe | String found in binary or memory: http://www.admen.cn/
Source: TA.exe | String found in binary or memory: http://www.admen.cn/api/member/send-sms-code-by-aliyun
Source: TA.exe | String found in binary or memory: http://www.aipai.com/app/www/apps/ums.php?step=ums&mobile=
Source: TA.exe | String found in binary or memory: http://www.aipai.com/app/www/apps/ums.php?step=ums&mobile=Accept:
Source: TA.exe | String found in binary or memory: http://www.aipai.com/lastest_aipai/info.php
Source: TA.exe | String found in binary or memory: http://www.boloni.com
Source: TA.exe | String found in binary or memory: http://www.boloni.com/cmobile/front/p/register/index.html
Source: TA.exe | String found in binary or memory: http://www.boloni.com/cmobile/user/getToken.html
Source: TA.exe | String found in binary or memory: http://www.boloni.com/cmobile/user/sendVerCode.html
Source: TA.exe | String found in binary or memory: http://www.boloni.com/cmobile/user/sendVerCode.htmlhttps://host.convertlab.com/sms/token?mobile=&typ
Source: TA.exe | String found in binary or memory: http://www.caiheshui.com
Source: TA.exe | String found in binary or memory: http://www.caiheshui.com/
Source: TA.exe | String found in binary or memory: http://www.cakingsway.com/label/member/getcode.aspx
Source: TA.exe | String found in binary or memory: http://www.chesupai.cn/login/sendCheckCode?phone=
Source: TA.exe | String found in binary or memory: http://www.chesupai.cn/register/
Source: TA.exe | String found in binary or memory: http://www.czb880.cn/czb-portal/common/captchaController.do?sendVerificationCode
Source: TA.exe | String found in binary or memory: http://www.dapengjiaoyu.cn
Source: TA.exe | String found in binary or memory: http://www.dapengjiaoyu.cn/
Source: TA.exe | String found in binary or memory: http://www.dapengjiaoyu.cn/register/sendCode
Source: TA.exe | String found in binary or memory: http://www.dapengjiaoyu.cn/register/sendCode%22%7D&inputParameter=%7B%22user_phone%22%3A%22Content-T
Source: TA.exe | String found in binary or memory: http://www.dasiyingyu.com/save2.php
Source: TA.exe | String found in binary or memory: http://www.dd2007.com/swhz
Source: TA.exe | String found in binary or memory: http://www.dq123.com/member/reg_validphone_twonew.php?t=1596431227467
Source: TA.exe | String found in binary or memory: http://www.ecncm.com.cn/register/sendcode
Source: TA.exe | String found in binary or memory: http://www.edu-edu.com/cas/web/message/send?phone=
Source: TA.exe | String found in binary or memory: http://www.eqccd.com/Ucenter/reg.aspx
Source: TA.exe | String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: TA.exe | String found in binary or memory: http://www.findlaw.cn
Source: TA.exe | String found in binary or memory: http://www.findlaw.cn/register/lawyer/
Source: TA.exe | String found in binary or memory: http://www.gkgzj.com
Source: TA.exe | String found in binary or memory: http://www.gkgzj.com/register2.jspx
Source: TA.exe | String found in binary or memory: http://www.gkgzj.com/user/sendValidCode.jspx
Source: TA.exe | String found in binary or memory: http://www.gkgzj.com/user/sendValidCode.jspx&uid=&code=&custType=1&dfpToken=THgcKw172ca4b3e57w1uhc42
Source: TA.exe | String found in binary or memory: http://www.gongyeyun.com
Source: TA.exe | String found in binary or memory: http://www.gongyeyun.com/Account/Register
Source: TA.exe | String found in binary or memory: http://www.gongyeyun.com/Account/SendPhoneValidate
Source: TA.exe | String found in binary or memory: http://www.gongyeyun.com/Account/SendPhoneValidate&send_code=986989Host:
Source: TA.exe | String found in binary or memory: http://www.hao315.com/join/sms/
Source: TA.exe | String found in binary or memory: http://www.hyccare.com/AppLoginController.do?registerSendYzm
Source: TA.exe | String found in binary or memory: http://www.hzc.com/passport/send-verify2
Source: TA.exe | String found in binary or memory: http://www.idcrt.com/process.aspx?c=sendvcode&vt=sms&va=reg&mobile=
Source: TA.exe | String found in binary or memory: http://www.idcrt.com/process.aspx?c=sendvcode&vt=sms&va=reg&mobile=&action=SendPhoneVerifyCodePhone=
Source: TA.exe | String found in binary or memory: http://www.jiaoping.com
Source: TA.exe | String found in binary or memory: http://www.jiaoping.com/product/10694.html
Source: TA.exe | String found in binary or memory: http://www.jiaoping.com/product/388.html
Source: TA.exe | String found in binary or memory: http://www.jiaoping.com/user/makeVerCode
Source: TA.exe | String found in binary or memory: http://www.jiaoping.com/user/makeVerCode&code=ac=phone&to=Host:
Source: TA.exe | String found in binary or memory: http://www.jijieu.com/index.php
Source: TA.exe | String found in binary or memory: http://www.jijieu.com/index.php&type=commonhttps://www.dm1788.com/index.php?m=Sms&a=sendDouMeiSMS&pT
Source: TA.exe | String found in binary or memory: http://www.jisuapp.cn/index.php?r=Login/SendPhoneCode
Source: TA.exe | String found in binary or memory: http://www.keedu.cn
Source: TA.exe | String found in binary or memory: http://www.keedu.cn/member/regist
Source: TA.exe | String found in binary or memory: http://www.keedu.cn/member/smscode
Source: TA.exe | String found in binary or memory: http://www.keedu.cn/member/smscodeloginmobi=http://www.cakingsway.com/label/member/getcode.aspxhttps
Source: TA.exe | String found in binary or memory: http://www.kpssc.com/checkuser.asp?mobileno=
Source: TA.exe | String found in binary or memory: http://www.kuaipeilian.com/api/send_verify_code
Source: TA.exe | String found in binary or memory: http://www.lanjiyin.com.cn/index.php/HomeDefault/User/get_code
Source: TA.exe | String found in binary or memory: http://www.ljjhome.com
Source: TA.exe | String found in binary or memory: http://www.ljjhome.com/wap/act/vipsystem/page/pinless.html
Source: TA.exe | String found in binary or memory: http://www.moxingyun.com
Source: TA.exe | String found in binary or memory: http://www.moxingyun.com/club/login/send-verify?v=1592628963164
Source: TA.exe | String found in binary or memory: http://www.moxingyun.com/club/login/send-verify?v=1592628963164&customertype=2&mode=loginAndRegister
Source: TA.exe | String found in binary or memory: http://www.moxingyun.com/vip/
Source: TA.exe | String found in binary or memory: http://www.napai.cn/Admin/Booking/send_msm
Source: TA.exe | String found in binary or memory: http://www.nejmqianyan.cn/index.php?c=register&m=send_sms
Source: TA.exe | String found in binary or memory: http://www.nejmqianyan.cn/index.php?c=register&m=send_smstype=anquanvalid&mobilenum=Accept:
Source: TA.exe | String found in binary or memory: http://www.rongziw.com
Source: TA.exe | String found in binary or memory: http://www.rongziw.com/
Source: TA.exe | String found in binary or memory: http://www.rongziw.com/e/extend/sms_send/api.php
Source: TA.exe | String found in binary or memory: http://www.rongziw.com/e/extend/sms_send/api.php&national_code=86&from=1&bkn=1557826707&_=1596758267
Source: TA.exe | String found in binary or memory: http://www.rudder.com.cn/Ajax/SendCode.aspx?type=1&mobile=
Source: TA.exe | String found in binary or memory: http://www.sgjia.cn
Source: TA.exe | String found in binary or memory: http://www.sgjia.cn/member/288job.php
Source: TA.exe | String found in binary or memory: http://www.sgjia.cn/member/288job.php&Ot=6&sign=6481599370507Host:
Source: TA.exe | String found in binary or memory: http://www.shareinstall.com.cn
Source: TA.exe | String found in binary or memory: http://www.shareinstall.com.cn/login.html
Source: TA.exe | String found in binary or memory: http://www.tianjin-air.com/api/user/sendCode?phone=
Source: TA.exe | String found in binary or memory: http://www.tianjin-air.com/member/register.html
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/front/ajax/bundingOld
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/front/ajax/bundingOld&action=checkhttps://account.smartisan.com/v2/cellphone/
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/login/getToken
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/login/register
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/login/sendCode_post?mobile=
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/login/sendCode_post?mobile=mobile=15123456788&token=Host:
Source: TA.exe | String found in binary or memory: http://www.tuiyizx.com/uc/bd/phone
Source: TA.exe | String found in binary or memory: http://www.viptool.cn/apis/common/sendCode
Source: TA.exe | String found in binary or memory: http://www.wrd.cn
Source: TA.exe | String found in binary or memory: http://www.wrd.cn/user/newGoRegister.shtml
Source: TA.exe | String found in binary or memory: http://www.wrd.cn/view/user/sendVcodeSMS.action
Source: TA.exe | String found in binary or memory: http://www.wrd.cn/view/user/sendVcodeSMS.action&vcode=&type=2tokenId=10&token=49fa50ac8909e13e014c2b
Source: TA.exe | String found in binary or memory: http://www.xmhzoa.com/m-Wap/Member/SendCode
Source: TA.exe | String found in binary or memory: http://www.xsxyyys.com/api.php?op=sms&mobile=
Source: TA.exe | String found in binary or memory: http://www.yfdyf.com
Source: TA.exe | String found in binary or memory: http://www.yfdyf.com/m/passport-sendmsg.html
Source: TA.exe | String found in binary or memory: http://www.yfdyf.com/m/passport-sendmsg.html&type=register&_=1594865524565https://www.sypm.cn/captch
Source: TA.exe | String found in binary or memory: http://www.yfdyf.com/m/passport/reg.html
Source: TA.exe | String found in binary or memory: http://www.yizhuangw.cn
Source: TA.exe | String found in binary or memory: http://www.yizhuangw.cn/index.php?a=user&m=register
Source: TA.exe | String found in binary or memory: http://www.zhiqz.com/wp-content/plugins/myform/apply.php
Source: TA.exe | String found in binary or memory: http://www.zmjiudian.com
Source: TA.exe | String found in binary or memory: http://www.zmjiudian.com/Account/Verify
Source: TA.exe | String found in binary or memory: http://www.zmjiudian.com/Account/Verify&channel=MobilePriceWeb&callback=GetTelValCode&_=159306745794
Source: TA.exe | String found in binary or memory: http://www.zmjiudian.com/Hotel/Package/19276?CID=4519785
Source: TA.exe | String found in binary or memory: http://wx.10086.cn/wmhnewcenter/quick-app/sendSms
Source: TA.exe | String found in binary or memory: http://wx.10086.cn/wmhnewcenter/quick-app/sendSms&config=67043eb600711952e9baa4e0268e98e4http://www.
Source: TA.exe | String found in binary or memory: http://xiangpai.jishiyuanwl.cn/api/public/?service=Login.GetCode0&mobile=
Source: TA.exe | String found in binary or memory: http://xiangqi.cn
Source: TA.exe | String found in binary or memory: http://xyhn.hainan.gov.cn/CreditHnExtranetWeb/fsxx.do
Source: TA.exe | String found in binary or memory: http://xym.xuyuanmiao.com/new/login/valid
Source: TA.exe | String found in binary or memory: http://xym.xuyuanmiao.com/new/login/validHost:
Source: TA.exe | String found in binary or memory: http://yuyang325.ablesky.com
Source: TA.exe | String found in binary or memory: http://yuyang325.ablesky.com/account.do?action=getRegisterMobileVerificationCode
Source: TA.exe | String found in binary or memory: http://yuyang325.ablesky.com/registerRedirect.do?action=toRegister&fromurl=http%3A%2F%2Fyuyang325.ab
Source: TA.exe | String found in binary or memory: http://yy.tyxsf.cn
Source: TA.exe | String found in binary or memory: http://yy.tyxsf.cn/api/message/send
Source: TA.exe | String found in binary or memory: http://yy.tyxsf.cn/api/message/sendreqid=4b534c46-7a90-4f24-3956-159197384582&userid=1&optid=1&path=
Source: TA.exe | String found in binary or memory: http://yy.tyxsf.cn/register/
Source: TA.exe | String found in binary or memory: http://zhuce.nuandou2020.com/api/public/?service=Login.getCode200&mobile=
Source: TA.exe | String found in binary or memory: http://zk.weegoo.cn/zhuanKe/api/smss/send?phone=
Source: TA.exe | String found in binary or memory: https://818ps.com/?route_id=15948901529440&route=1
Source: TA.exe | String found in binary or memory: https://818ps.com/site-api/send-tel-login-code?num=
Source: TA.exe | String found in binary or memory: https://account.bababus.com/checkCode/sendWapDynamicVerifyCode.htm?mobilePhone=
Source: TA.exeString found in binary or memory: https://account.bababus.com/wap/toLogin.htm?returnUrl=https%3A%2F%2Fwx.bababus.com%2Fwap%2Fordertabl
Source: TA.exeString found in binary or memory: https://account.modian.com
Source: TA.exeString found in binary or memory: https://account.modian.com/?redirect_url=https%3A%2F%2Fm.modian.com%2Fproject%2F54792.html
Source: TA.exeString found in binary or memory: https://account.smartisan.com/v2/cellphone/?m=get&cellphone=%2B86%20
Source: TA.exeString found in binary or memory: https://account.weimob.com/website/saas/account/api2/user/getCodeRs
Source: TA.exeString found in binary or memory: https://account.weimob.com/website/saas/account/api2/user/getCodeRshttps://m.ptbchina.com/index.php/
Source: TA.exeString found in binary or memory: https://account.zbj.com
Source: TA.exeString found in binary or memory: https://account.zbj.com/api/register/sendregistercode
Source: TA.exeString found in binary or memory: https://account.zbj.com/api/register/sendregistercodereason=bindHuaban&tel=Accept:
Source: TA.exeString found in binary or memory: https://account.zbj.com/register
Source: TA.exeString found in binary or memory: https://account.zhenrongbao.com
Source: TA.exeString found in binary or memory: https://account.zhenrongbao.com/account/register
Source: TA.exeString found in binary or memory: https://account.zhenrongbao.com/account/sendidentitycodenew
Source: TA.exeString found in binary or memory: https://account.zhenrongbao.com/account/sendidentitycodenew&type=voicecountryCode=86&mobile=Accept:
Source: TA.exeString found in binary or memory: https://activity.jingyupeiyou.com
Source: TA.exeString found in binary or memory: https://activity.jingyupeiyou.com/pages/sem/reg?source=1sn1zZQ3lhJRU_9IdU4&staff_no=360_PC_0701_0015
Source: TA.exeString found in binary or memory: https://aisite.wejianzhan.com
Source: TA.exeString found in binary or memory: https://aisite.wejianzhan.com/site/acadsoc.net/34d685b9-3f51-4f0e-8457-74d04278b9f6?fid=nHcvP1bLP1ms
Source: TA.exeString found in binary or memory: https://aisite.wejianzhan.com/site/dhb168.com/a5c8d50e-332e-42d9-8d5b-839c347ed5cf?fid=P16znjDYnH6Ln
Source: TA.exeString found in binary or memory: https://api-bw.juren.com/app/java/v2.0/student/front/verifyCode
Source: TA.exeString found in binary or memory: https://api-bw.juren.com/app/java/v2.0/student/front/verifyCode&isNewPhone=truehttp://www.edu-edu.co
Source: TA.exeString found in binary or memory: https://api-china.findlaw.cn/common/SendSms
Source: TA.exeString found in binary or memory: https://api-china.findlaw.cn/common/SendSms&check_type=1https://www.renrenbao.com/?app=index/tel_cod
Source: TA.exeString found in binary or memory: https://api-jr.guazi.com/Login/getVerifyCode
Source: TA.exeString found in binary or memory: https://api-v5-0.yangcong345.com/captchas/v4.8?phone=
Source: TA.exeString found in binary or memory: https://api.360doc.com/ajax/UserHandler.ashx?op=mobilemsg&callback=jQuery1102003379219270884293_1594
Source: TA.exeString found in binary or memory: https://api.account.meitu.com/common/text_verify_code.json
Source: TA.exeString found in binary or memory: https://api.fudaojun.com/fudaojun/h5/channel_verify_code
Source: TA.exeString found in binary or memory: https://api.gaotu100.com/v1/user/sendPasscode
Source: TA.exeString found in binary or memory: https://api.guanggao.com/user/sendcheckcode?mobile=
Source: TA.exeString found in binary or memory: https://api.mepai.me/v1/user/code?mobile=
Source: TA.exeString found in binary or memory: https://api.mepai.me/v1/user/code?mobile=Accept:
Source: TA.exeString found in binary or memory: https://api.passport.pptv.com/checkImageCodeAndSendMsg?cb=jQuery1124011016994670524682_1594099660452
Source: TA.exeString found in binary or memory: https://api.rrsjk.com/oauth2/sms/send_vertify_code.do?mobile=
Source: TA.exeString found in binary or memory: https://api.wanwudezhi.com/module-user/api/v1/user/sendSmsCode?phone=
Source: TA.exeString found in binary or memory: https://api.zhugexuetang.com/v2/mobile/send_code
Source: TA.exeString found in binary or memory: https://api.zhugexuetang.com/v2/mobile/send_codescene=1&tel=http://www.dasiyingyu.com/save2.php&_=15
Source: TA.exeString found in binary or memory: https://api2-mall.yidejia.com//api/user/send-sms?cps=0&mobile=
Source: TA.exeString found in binary or memory: https://api2.biggeryun.com/v2/regMobileSendPhoneCode
Source: TA.exeString found in binary or memory: https://api2.biggeryun.com/v2/regMobileSendPhoneCode&aid=5184&wid=1460Host:
Source: TA.exeString found in binary or memory: https://apigw.changingedu.com/passportsvc/api/pb/v1/captcha/apply.json
Source: TA.exeString found in binary or memory: https://apigw.changingedu.com/passportsvc/api/pb/v1/captcha/apply.jsonhttps://www.jmqingting.com/api
Source: TA.exeString found in binary or memory: https://apim.modian.com/sms/send_vcode
Source: TA.exeString found in binary or memory: https://apim.modian.com/sms/send_vcode&_=1593957749401https://member.hishop.com.cn/CHandler.aspx?jso
Source: TA.exeString found in binary or memory: https://app-api.shop.ele.me/arena/invoke/?method=OpenAPIRegisterService.sendVerifyCode
Source: TA.exeString found in binary or memory: https://app-api.shop.ele.me/arena/invoke/?method=OpenAPIRegisterService.sendVerifyCode:authority:
Source: TA.exeString found in binary or memory: https://app.co188.com/sso/api/login3/connect/sms
Source: TA.exeString found in binary or memory: https://app.didiyun.com
Source: TA.exeString found in binary or memory: https://app.didiyun.com/
Source: TA.exeString found in binary or memory: https://app.zhuanzhuan.com/zz/transfer/getCaptcha?type=1&mobile=
Source: TA.exeString found in binary or memory: https://app.zi.com/zi/captcha/get_register
Source: TA.exeString found in binary or memory: https://app.zi.com/zi/captcha/get_register_voice
Source: TA.exeString found in binary or memory: https://app.zi.com/zi/captcha/get_register_voiceXDEBUG_SESSION_START=ECLIPSE_DBGP&captcha=&mobile_ph
Source: TA.exeString found in binary or memory: https://app.zonghengwushuang.com/jinyu/sendcode
Source: TA.exeString found in binary or memory: https://bbs.leyuz.net/index/user/get_verify_code
Source: TA.exeString found in binary or memory: https://bbs.leyuz.net/index/user/get_verify_codesid=kuaishou.web.cp.api&type=42&countryCode=%2B86&ph
Source: TA.exeString found in binary or memory: https://bj.ke.com
Source: TA.exeString found in binary or memory: https://bj.ke.com/?utm_source=360&utm_medium=navi&utm_term=mingzhan&utm_content=paid&utm_campaign=pc
Source: TA.exeString found in binary or memory: https://bj.yqbiao.com/UserInfoArea/Users/GetSmsCodeForReg?tel=
Source: TA.exeString found in binary or memory: https://bj.yqbiao.com/UserInfoArea/Users/Regnew
Source: TA.exeString found in binary or memory: https://c.highpin.cn
Source: TA.exeString found in binary or memory: https://c.highpin.cn/Users/CheckUserName/?x-zp-client-id=33e7f449-a98c-4185-831a-b3c14558d29e
Source: TA.exeString found in binary or memory: https://c.highpin.cn/Users/CreateMobileCode/?x-zp-client-id=33e7f449-a98c-4185-831a-b3c14558d29e
Source: TA.exeString found in binary or memory: https://c.highpin.cn/Users/Register
Source: TA.exeString found in binary or memory: https://card.10010.com/ko-order/messageCaptcha/send?phoneVal=
Source: TA.exeString found in binary or memory: https://clogin.ke.com/authentication/mfa/sms
Source: TA.exeString found in binary or memory: https://clogin.ke.com/authentication/mfa/sms&t_token=uX3EOPGSAcJNZ8Kqtel=https://www.114oc.com/user/
Source: TA.exeString found in binary or memory: https://cloud.mfu.cn
Source: TA.exeString found in binary or memory: https://cloud.mfu.cn/index.php/auth/verify
Source: TA.exeString found in binary or memory: https://cloud.mfu.cn/index.php/auth/verifyContent-Type:
Source: TA.exeString found in binary or memory: https://cloud.mfu.cn/web.php
Source: TA.exeString found in binary or memory: https://cloud.nucarf.com/rest/querySmsCode?phoneNum=
Source: TA.exeString found in binary or memory: https://cnpassport.youku.com/newlogin/sms/send.do?appName=youku&fromSite=23
Source: TA.exeString found in binary or memory: https://cnpassport.youku.com/newlogin/sms/send.do?appName=youku&fromSite=2315123456733phoneCode=86&l
Source: TA.exeString found in binary or memory: https://console.upyun.com
Source: TA.exeString found in binary or memory: https://console.upyun.com/accounts/verify_mobile/code/
Source: TA.exeString found in binary or memory: https://console.upyun.com/register/
Source: TA.exeString found in binary or memory: https://core.ddcash.cn
Source: TA.exeString found in binary or memory: https://core.ddcash.cn/
Source: TA.exeString found in binary or memory: https://core.ddcash.cn/gateway/common
Source: TA.exeString found in binary or memory: https://core.ddcash.cn/gateway/common&vobaopagesign=2020071110A2804Host:
Source: TA.exeString found in binary or memory: https://customer.bmwgroup.cn/gcdm/public/bmwdigital/CN-zh/customers
Source: TA.exeString found in binary or memory: https://customer.bmwgroup.cn/gcdm/public/bmwdigital/CN-zh/customers&code=CN&type=codeVerifyhttps://a
Source: TA.exeString found in binary or memory: https://developer.rongcloud.cn
Source: TA.exeString found in binary or memory: https://developer.rongcloud.cn/signup
Source: TA.exeString found in binary or memory: https://developer.rongcloud.cn/user/SendMobileCode
Source: TA.exeString found in binary or memory: https://developer.rongcloud.cn/user/SendMobileCode&codeType=21Accept:
Source: TA.exeString found in binary or memory: https://diantoushi.com/user/v1/captcha?mobile=
Source: TA.exeString found in binary or memory: https://epassport.diditaxi.com.cn/passport/login/v5/codeMT
Source: TA.exeString found in binary or memory: https://epassport.diditaxi.com.cn/passport/login/v5/codeMT15123456782
Source: TA.exeString found in binary or memory: https://form-service.shouqianba.com/authCode
Source: TA.exeString found in binary or memory: https://form.shouqianba.com
Source: TA.exeString found in binary or memory: https://form.shouqianba.com/?btn=pc_bottom%2F
Source: TA.exeString found in binary or memory: https://frontapi.easypass.cn/SMSValidate/sendcode?moblie=
Source: TA.exeString found in binary or memory: https://fudao.qq.com/cgi-proxy/login/send_sms_code
Source: TA.exeString found in binary or memory: https://fudao.qq.com/cgi-proxy/login/send_sms_code&purpose=registerConfighttps://m.purcotton.com/mob
Source: TA.exeString found in binary or memory: https://fx.51jiuji.com/dt/sms_code/request?mobile=
Source: TA.exeString found in binary or memory: https://gateway-web.maodou.com/ncmall/uc/api/sms/getCode?
Source: TA.exeString found in binary or memory: https://gateway-web.maodou.com/ncmall/uc/api/sms/getCode?action=send&value=http://m.xinsinong.com/re
Source: TA.exeString found in binary or memory: https://gateway.zfx.com/user-server/promotion/reg/send-phone-code
Source: TA.exeString found in binary or memory: https://global.lianlianpay.com
Source: TA.exeString found in binary or memory: https://global.lianlianpay.com/cb-va-sso-api/captcha/send/mobile/unblock
Source: TA.exeString found in binary or memory: https://global.lianlianpay.com/cb-va-sso-api/captcha/send/mobile/unblockgetVerifyCodemobileNo=Accept
Source: TA.exeString found in binary or memory: https://global.lianlianpay.com/register
Source: TA.exeString found in binary or memory: https://global.umfintech.com
Source: TA.exeString found in binary or memory: https://global.umfintech.com/RSWeb/sjh/registerAction
Source: TA.exeString found in binary or memory: https://graph.3vjia.com/captcha/mobile/reg/
Source: TA.exeString found in binary or memory: https://graph.3vjia.com/captcha/mobile/reg/Host:
Source: TA.exeString found in binary or memory: https://graph.3vjia.com/m/reg?redirect_uri=%2F%2Fwww.3vjia.com
Source: TA.exeString found in binary or memory: https://gw-driver-wap.01zhuanche.com/gw-driver-wap/inside-mp/api/v2/msg/codeSend
Source: TA.exeString found in binary or memory: https://gw-driver-wap.01zhuanche.com/gw-driver-wap/inside-mp/api/v2/msg/codeSendHost:
Source: TA.exeString found in binary or memory: https://gz.adsl.cn/o-portal/f/oneModelHk/gsMessage
Source: TA.exeString found in binary or memory: https://h5.51credit.com
Source: TA.exeString found in binary or memory: https://h5.51credit.com/api.51credit.com/ks-user-openapi/v1/challenge/sm
Source: TA.exeString found in binary or memory: https://h5.51credit.com/www/login/regist.html?service=https%3A%2F%2Fbbs.51credit.com%2Fthread-414284
Source: TA.exeString found in binary or memory: https://hao.360.com/?a1004;
Source: TA.exeString found in binary or memory: https://host.convertlab.com/sms/get?mobile=
Source: TA.exeString found in binary or memory: https://host.convertlab.com/sms/token?mobile=
Source: TA.exeString found in binary or memory: https://huaban.com
Source: TA.exeString found in binary or memory: https://huaban.com/captcha/
Source: TA.exeString found in binary or memory: https://huaban.com/captcha/&username=fuguietrtoperFlag=sendMsgByPhone&mobilephone=https://www.91cht.
Source: TA.exeString found in binary or memory: https://huaban.com/signup/
Source: TA.exeString found in binary or memory: https://hz.5i5j.com
Source: TA.exeString found in binary or memory: https://hz.5i5j.com/regloginnew/ajaxphonecodenew
Source: TA.exeString found in binary or memory: https://hz.5i5j.com/regloginnew/ajaxphonecodenewAccept:
Source: TA.exeString found in binary or memory: https://hz.5i5j.com/xiaoqu/100000000005528.html
Source: TA.exeString found in binary or memory: https://hzapp.huazhen.com
Source: TA.exeString found in binary or memory: https://hzapp.huazhen.com/account/register
Source: TA.exeString found in binary or memory: https://hzapp.huazhen.com/account/send_verify_code
Source: TA.exeString found in binary or memory: https://i.22.cn
Source: TA.exeString found in binary or memory: https://i.22.cn/Account/Security/Code/
Source: TA.exeString found in binary or memory: https://i.22.cn/ajax/mobile/send?t=0.45122222328715456
Source: TA.exeString found in binary or memory: https://i.22.cn/ajax/mobile/send?t=0.45122222328715456Host:
Source: TA.exeString found in binary or memory: https://i.fkw.com/ajax/reg_h.jsp?cmd=sendValidateCode_new&bizType=0
Source: TA.exeString found in binary or memory: https://i.fkw.com/ajax/reg_h.jsp?cmd=sendValidateCode_new&bizType=4
Source: TA.exeString found in binary or memory: https://i.gtja.com/m/semLdAction.do?method=sendMessageCodeSpecial
Source: TA.exeString found in binary or memory: https://id.juranguanjia.com
Source: TA.exeString found in binary or memory: https://id.juranguanjia.com/api/web/user/message/sendcode
Source: TA.exeString found in binary or memory: https://id.juranguanjia.com/api/web/user/message/sendcode&image_code=http://m.baitongshiji.com/Cente
Source: TA.exeString found in binary or memory: https://id.juranguanjia.com/register?userType=guangwang&backurl=ncNfNPWTzZMwTTldGpI1OPqLRiOgG%2FYpZ8
Source: TA.exeString found in binary or memory: https://id.kuaishou.com/pass/kuaishou/sms/requestMobileCode
Source: TA.exeString found in binary or memory: https://id.kuaishou.com/pass/kuaishou/sms/requestMobileCodehttps://www.danke.com/web-api/user/send-t
Source: TA.exeString found in binary or memory: https://im.uu.163.com
Source: TA.exeString found in binary or memory: https://im.uu.163.com/
Source: TA.exeString found in binary or memory: https://ipassport.damai.cn
Source: TA.exeString found in binary or memory: https://ipassport.damai.cn/mini_login.htm?lang=zh_cn&appName=damai&appEntrance=default&styleType=ver
Source: TA.exeString found in binary or memory: https://ipassport.damai.cn/newlogin/sms/send.do?appName=damai&fromSite=18&_bx-v=1.1.20
Source: TA.exeString found in binary or memory: https://ipassport.damai.cn/newlogin/sms/send.do?appName=damai&fromSite=18&_bx-v=1.1.20https://portal
Source: TA.exeString found in binary or memory: https://jinshuju.net
Source: TA.exeString found in binary or memory: https://jinshuju.net/f/xCT4Ec
Source: TA.exeString found in binary or memory: https://jinshuju.net/graphql
Source: TA.exeString found in binary or memory: https://jinshuju.net/graphql&name=Convertlab&token=f04c5dc57b0242499d951bafee6ed5ef&type=form&uuid=4
Source: TA.exeString found in binary or memory: https://jucaijz.cn/api/member/sendphone?mobile=
Source: TA.exeString found in binary or memory: https://jzapi.baidu.com/sjh-lexus/request.ajax?path=sjh-lexus%2FGET%2FSmsNoticeService%2FsendSmsCode
Source: TA.exeString found in binary or memory: https://ketang.juren.com
Source: TA.exeString found in binary or memory: https://ketang.juren.com/
Source: TA.exeString found in binary or memory: https://kuai.imdada.cn
Source: TA.exeString found in binary or memory: https://kuai.imdada.cn/index_v2
Source: TA.exeString found in binary or memory: https://kuai.imdada.cn/index_v2#/register
Source: TA.exeString found in binary or memory: https://kuai.imdada.cn/toc/corp/web/user/sendCode
Source: TA.exeString found in binary or memory: https://l.uu.163.com/api/v1/phone-captchas/
Source: TA.exeString found in binary or memory: https://live.weaver.com.cn/homepage/createCode2?jsonpcallback=jQuery11020786823554715125_15946487086
Source: TA.exeString found in binary or memory: https://ln.rrsjk.com
Source: TA.exeString found in binary or memory: https://ln.rrsjk.com/mh5/login
Source: TA.exeString found in binary or memory: https://login-openaccount.taobao.com/&isMobile=true&_csrf_token=undefined
Source: TA.exeString found in binary or memory: https://login-openaccount.taobao.com/login/sendsmscode.do
Source: TA.exeString found in binary or memory: https://login.51job.com/ajax/sendphonecode.php?jsoncallback=jQuery18303956739664829656_1592495501835
Source: TA.exeString found in binary or memory: https://login.kongfz.com
Source: TA.exeString found in binary or memory: https://login.kongfz.com/Pc/Ajax/sendMobileCheckCode
Source: TA.exeString found in binary or memory: https://login.kongfz.com/Pc/Ajax/sendMobileCheckCode&verify_type=login&country_code=86&_t=1593951464
Source: TA.exeString found in binary or memory: https://login.kongfz.com/Pc/Login/iframe
Source: TA.exeString found in binary or memory: https://login.koolearn.com/sso/sendVoiceRegisterMessage.do?callback=jQuery111205661385064312077_1594
Source: TA.exeString found in binary or memory: https://login.taobao.com
Source: TA.exeString found in binary or memory: https://login.taobao.com/member/login.jhtml?style=b2b&css_style=b2b&from=b2b&newMini2=true&full_redi
Source: TA.exeString found in binary or memory: https://login.taobao.com/newlogin/sms/send.do?appName=taobao&fromSite=3
Source: TA.exeString found in binary or memory: https://login.taobao.com/newlogin/sms/send.do?appName=taobao&fromSite=3&messagejiami=b0fb8893b233bdf
Source: TA.exeString found in binary or memory: https://m-upnet.beautifulreading.com
Source: TA.exeString found in binary or memory: https://m-upnet.beautifulreading.com/live01?way=mbd&source=bdwap-PP3-C2-xyj-84226&keyword=%E5%B0%8F%
Source: TA.exeString found in binary or memory: https://m.300.cn/special/tg/quanwangmenhu.html?source=baidu&plan=PC-pinpaicijihua&keyword=zhongqiwan
Source: TA.exeString found in binary or memory: https://m.300.cn/verify/message?is_ajax=1&callback=jQuery19109805433584210501_1596669590055&mobile=
Source: TA.exeString found in binary or memory: https://m.4008123123.com/PHHSMWOS/rest/per/sendSMSVerificationCode
Source: TA.exeString found in binary or memory: https://m.51taodj.com/tdjh5/register/sendSms?uname=
Source: TA.exeString found in binary or memory: https://m.9ji.com
Source: TA.exeString found in binary or memory: https://m.9ji.com/login?redirect=%2Fmember
Source: TA.exeString found in binary or memory: https://m.9ji.com/web/api/dynamicPwdSms/v2
Source: TA.exeString found in binary or memory: https://m.9ji.com/web/api/dynamicPwdSms/v2&vtype=quick_pub&xhrFields=2
Source: TA.exeString found in binary or memory: https://m.baidu.com/from=1001703a/bd_page_type=1/ssid=0/uid=0/pu=usm%402%2Csz%40320_1001%2Cta%40ipho
Source: TA.exeString found in binary or memory: https://m.cdfgsanya.com
Source: TA.exeString found in binary or memory: https://m.cdfgsanya.com/api/overseas/sms/302
Source: TA.exeString found in binary or memory: https://m.cdfgsanya.com/api/overseas/sms/302https://webservice.pandavedio.com/users/sms/send-auth-co
Source: TA.exeString found in binary or memory: https://m.cdfgsanya.com/wap/index.html
Source: TA.exeString found in binary or memory: https://m.clouderwork.com
Source: TA.exeString found in binary or memory: https://m.clouderwork.com/api/v2/verifycode
Source: TA.exeString found in binary or memory: https://m.clouderwork.com/api/v2/verifycode&smsType=1Host:
Source: TA.exeString found in binary or memory: https://m.clouderwork.com/jobs/new/choose
Source: TA.exeString found in binary or memory: https://m.codemao.cn
Source: TA.exeString found in binary or memory: https://m.codemao.cn/v9/?inWechat=1&utm_source=baidu&utm_term=BDSFDM01&utm_content=yd-zhuanhua-022-2
Source: TA.exeString found in binary or memory: https://m.ctrip.com
Source: TA.exeString found in binary or memory: https://m.ctrip.com/webapp/hotel/hoteldetail/89852.html?allianceid
Source: TA.exeString found in binary or memory: https://m.ctrip.com/webapp/hotel/hoteldetail/89852.html?allianceid=3470&sid=898333&ouid=marhotel_ppi
Source: TA.exeString found in binary or memory: https://m.exmail.qq.com/cgi-bin/sell_dependent?action=send_sms&t=wap_official_mgr&ef=jsnew&type=6&ar
Source: TA.exeString found in binary or memory: https://m.fhyx.com/ajax/codephonereg.do
Source: TA.exeString found in binary or memory: https://m.jd100.com/mobile/verifyCode/graphic?mobile=
Source: TA.exeString found in binary or memory: https://m.juneyaoair.com
Source: TA.exeString found in binary or memory: https://m.juneyaoair.com/login/login/index.html
Source: TA.exeString found in binary or memory: https://m.juneyaoair.com/server/captcha/send
Source: TA.exeString found in binary or memory: https://m.juneyaoair.com/server/captcha/send&type=1&deviceId=&tdDeviceId=&dxDeviceId=5ef44a21SFycCum
Source: TA.exeString found in binary or memory: https://m.ke.qq.com/activeAccount.html?_bid=167&_wv=2147483651&k=login
Source: TA.exeString found in binary or memory: https://m.ke.qq.com/cgi-bin/tool/apply_sms_code?is_ios=0&raw_phone=
Source: TA.exeString found in binary or memory: https://m.lechebang.com/gateway/user/sendSecurityLoginSms
Source: TA.exeString found in binary or memory: https://m.ptbchina.com/index.php/Serve/Person/ver_code2
Source: TA.exeString found in binary or memory: https://m.purcotton.com/mobile/mall/member/sendmobileCode.ihtml?mobilePhone=
Source: TA.exeString found in binary or memory: https://m.puxinwangxiao.com
Source: TA.exeString found in binary or memory: https://m.puxinwangxiao.com/api/v1.2/student/send_login_sms
Source: TA.exeString found in binary or memory: https://m.puxinwangxiao.com/api/v1.2/student/send_login_sms&type=4&_=1592200089239http://m.95303.com
Source: TA.exeString found in binary or memory: https://m.puxinwangxiao.com/login
Source: TA.exeString found in binary or memory: https://m.taoshouyou.com
Source: TA.exeString found in binary or memory: https://m.taoshouyou.com/siteauth/auth/login?returnurl=/user/assets/index
Source: TA.exeString found in binary or memory: https://m.vobao.com
Source: TA.exeString found in binary or memory: https://m.vobao.com/Common/SendSmsCodeToMobile
Source: TA.exeString found in binary or memory: https://m.vobao.com/Common/SendSmsCodeToMobilephoneNum=http://food.funtoygame.com/index.php/Register
Source: TA.exeString found in binary or memory: https://m.vobao.com/ask/tiwen.shtml
Source: TA.exeString found in binary or memory: https://m.ydl.com
Source: TA.exeString found in binary or memory: https://m.ydl.com/login?sourceUrl=https://m2.ydl.com/uc
Source: TA.exeString found in binary or memory: https://m.ydl.com/user/login
Source: TA.exeString found in binary or memory: https://m.yidejia.com
Source: TA.exeString found in binary or memory: https://m.yidejia.com/login
Source: TA.exeString found in binary or memory: https://m.youxiake.com
Source: TA.exeString found in binary or memory: https://m.youxiake.com/
Source: TA.exeString found in binary or memory: https://m.youxiake.com/login?referer=https%3A%2F%2Fm.youxiake.com%2Fusercenter
Source: TA.exeString found in binary or memory: https://m.youxiake.com/register/smscode
Source: TA.exeString found in binary or memory: https://m.youxiake.com/register/smscode?type=register
Source: TA.exeString found in binary or memory: https://m.youxiake.com/register/smscode?type=registerhttps://xueyuan.baihe.com/h5/sms/getLoginSms
Source: TA.exeString found in binary or memory: https://m.ys7.com
Source: TA.exeString found in binary or memory: https://m.ys7.com/passport/captcha.html?t=1592197577664
Source: TA.exeString found in binary or memory: https://m.ys7.com/passport/captcha.html?t=1592197577664Host:
Source: TA.exeString found in binary or memory: https://m.ys7.com/passport/register.html?come=dealer
Source: TA.exeString found in binary or memory: https://m.yutong.com/thtml/memberfront/doSendSms.do
Source: TA.exeString found in binary or memory: https://m.yutong.com/thtml/memberfront/doSendSms.doAccept:
Source: TA.exeString found in binary or memory: https://member.hishop.com.cn/CHandler.aspx?jsoncallback=success_jsonpCallback&Action=SendPhoneCodeFr
Source: TA.exeString found in binary or memory: https://memberprod.alipay.com
Source: TA.exeString found in binary or memory: https://memberprod.alipay.com/account/reg/index.htm
Source: TA.exeString found in binary or memory: https://memberprod.alipay.com/account/reg/section/reSendVerifyCode.json
Source: TA.exeString found in binary or memory: https://merc.aikucun.com/web/sms/authcode/send
Source: TA.exeString found in binary or memory: https://merchant.intbee.com
Source: TA.exeString found in binary or memory: https://merchant.intbee.com/api/uc/auth/verify/code/mobile
Source: TA.exeString found in binary or memory: https://merchant.intbee.com/api/uc/auth/verify/code/mobiletelephone=http://www.hao315.com/join/sms/h
Source: TA.exeString found in binary or memory: https://merchant.intbee.com/app/share/regist?channel=12007001
Source: TA.exeString found in binary or memory: https://minalogin.beautifulreading.com/sendvalidate
Source: TA.exeString found in binary or memory: https://minalogin.beautifulreading.com/sendvalidate15123456783phoneCode=86&loginId=15123456783&count
Source: TA.exeString found in binary or memory: https://mis.51zouchuqu.com/us/v1/vericode/voice/
Source: TA.exeString found in binary or memory: https://mms.tebaobao.com/register.php?act=send_mobile_code
Source: TA.exeString found in binary or memory: https://monline.01zhuanche.com
Source: TA.exeString found in binary or memory: https://monline.01zhuanche.com/driverRegister/registerLogin.html?_v=1592393251556&cityId=153&cityNam
Source: TA.exeString found in binary or memory: https://mskypearl.csair.com
Source: TA.exeString found in binary or memory: https://mskypearl.csair.com/msky/
Source: TA.exeString found in binary or memory: https://mskypearl.csair.com/msky/register/sendMsg.do
Source: TA.exeString found in binary or memory: https://mubu.com
Source: TA.exeString found in binary or memory: https://mubu.com/api/reg/send_login_reg_code
Source: TA.exeString found in binary or memory: https://mubu.com/api/reg/send_login_reg_codecity_id=0&cityId=0&page_type=&pageType=&phone=Host:
Source: TA.exeString found in binary or memory: https://mubu.com/login
Source: TA.exeString found in binary or memory: https://my.ihuandu.com/sms/send.html
Source: TA.exeString found in binary or memory: https://my.ihuandu.com/sms/send.html&ct=1592797694441Accept:
Source: TA.exeString found in binary or memory: https://oauth.51job.com/register.php?client_id=000001&redirect_uri=https%3A%2F%2Funion.yingjiesheng.
Source: TA.exeString found in binary or memory: https://open-service.codemao.cn/captcha/rule
Source: TA.exeString found in binary or memory: https://open-service.codemao.cn/captcha/rulehttps://www.huizhong.org/ucenter/register/sms&type=regis
Source: TA.exeString found in binary or memory: https://open.qudian.com
Source: TA.exeString found in binary or memory: https://open.qudian.com/v3/platform/api/user/loginSendPhoneValidationCodeV2
Source: TA.exeString found in binary or memory: https://open.qudian.com/v3/platform/api/user/loginSendPhoneValidationCodeV2http://m.tk.cn/tkmobile/o
Source: TA.exeString found in binary or memory: https://open.qudian.com/v3/platform/register
Source: TA.exeString found in binary or memory: https://open.shop.ele.me
Source: TA.exeString found in binary or memory: https://open.shop.ele.me/openapi/register
Source: TA.exeString found in binary or memory: https://order.lbdj.com
Source: TA.exeString found in binary or memory: https://order.lbdj.com/lbdj/web/user/smsVerifyCode
Source: TA.exeString found in binary or memory: https://order.lbdj.com/register?redirect=https%3A%2F%2Forder.lbdj.com%2Fplaceorder%2Findex
Source: TA.exeString found in binary or memory: https://order.sh.189.cn/order/mobilequery/sendMessage
Source: TA.exeString found in binary or memory: https://order.sh.189.cn/order/mobilequery/sendMessage&useType=RegisteredAccept:
Source: TA.exeString found in binary or memory: https://pandavedio.com
Source: TA.exeString found in binary or memory: https://pandavedio.com/register?invitecode=t983uyv
Source: TA.exeString found in binary or memory: https://papi.qingting.fm/auth/verify_code?phone=
Source: TA.exeString found in binary or memory: https://papi.qingting.fm/auth/verify_code?phone=&getType=1&srvType=reg&token=nHRHjC57dYDSSHmBW5BWj5u
Source: TA.exeString found in binary or memory: https://parent-api.jingyupeiyou.com/v2/register/send
Source: TA.exeString found in binary or memory: https://pass.hujiang.com/v2/api/v1/sms/send?action=SendMsg&mobile=
Source: TA.exeString found in binary or memory: https://passport.ctrip.com/gateway/api/soa2/11448/sendMessageH5
Source: TA.exeString found in binary or memory: https://passport.ctrip.com/gateway/api/soa2/11448/sendMessageH5https://sso.ldmnq.com/sms/getCode?typ
Source: TA.exeString found in binary or memory: https://passport.fang.com/loginsendmsm.api?MobilePhone=
Source: TA.exeString found in binary or memory: https://passport.fang.com/register.aspx?service=renthouse&host=sanya.zu.fang.com&backurl=
Source: TA.exeString found in binary or memory: https://passport.ganji.com/ajax.php?module=send_reg_phone_auth_code&uid=0&phone=
Source: TA.exeString found in binary or memory: https://passport.ganji.com/register.php?next=/
Source: TA.exeString found in binary or memory: https://passport.haodf.com
Source: TA.exeString found in binary or memory: https://passport.haodf.com/user/ajaxsendmobilecode
Source: TA.exeString found in binary or memory: https://passport.haodf.com/user/ajaxsendmobilecode&source=verifyhttps://user.hundun.cn/get_identify_
Source: TA.exeString found in binary or memory: https://passport.haodf.com/user/showregisterbymobile
Source: TA.exeString found in binary or memory: https://passport.hupu.com
Source: TA.exeString found in binary or memory: https://passport.hupu.com/m/2/sendCodeApp
Source: TA.exeString found in binary or memory: https://passport.hupu.com/m/2/sendCodeApp&service=register&_=1594540283088https://fx.51jiuji.com/dt/
Source: TA.exeString found in binary or memory: https://passport.hupu.com/ucenter/bindmobile.view
Source: TA.exeString found in binary or memory: https://passport.taoshouyou.com/api/sms/send-code
Source: TA.exeString found in binary or memory: https://passport.tuniu.com/ajax/sendCode?tel=
Source: TA.exeString found in binary or memory: https://passport.tuniu.com/ajax/sendCode?tel=:authority:
Source: TA.exeString found in binary or memory: https://passport.vip.com/third/mobileLogin/sendSms
Source: TA.exeString found in binary or memory: https://passport.youzan.com
Source: TA.exeString found in binary or memory: https://passport.youzan.com/api/login-dialog/sms.json
Source: TA.exeString found in binary or memory: https://passport.youzan.com/api/login-dialog/sms.json&imgcode=&token=a7a70369dda438794c9a78be381339f
Source: TA.exeString found in binary or memory: https://passport.youzan.com/passport/login-dialog?version=1.2.12
Source: TA.exeString found in binary or memory: https://passport.zujuan.com/register?jump_url=http://www.zujuan.com
Source: TA.exeString found in binary or memory: https://passport.zujuan.com/site/send-code?type=mobile&account=
Source: TA.exeString found in binary or memory: https://pc.xiaoguo101.com/api/users/code/send?channelId=5dad2cc65a8c1c06ca91ce94
Source: TA.exeString found in binary or memory: https://pc.xiaoguo101.com/api/users/code/send?channelId=5dad2cc65a8c1c06ca91ce94https://account.baba
Source: TA.exeString found in binary or memory: https://pc.yunvip123.com
Source: TA.exeString found in binary or memory: https://pc.yunvip123.com/api/User/RegisterVerify
Source: TA.exeString found in binary or memory: https://pc.yunvip123.com/api/User/RegisterVerify&verifyCode=sGH2w8MmkWuJq8GVFys-lBD7d7lolhdgZKVfvO5F
Source: TA.exeString found in binary or memory: https://pc.yunvip123.com/register.html?v=6.5.6.2
Source: TA.exeString found in binary or memory: https://portal.7net.cc/User/SmsRegistSend
Source: TA.exeString found in binary or memory: https://portal.qiniu.com
Source: TA.exeString found in binary or memory: https://portal.qiniu.com/api/gaea/verification/sms/send
Source: TA.exeString found in binary or memory: https://portal.qiniu.com/signup
Source: TA.exeString found in binary or memory: https://prod.huohuaschool.com/api-website/user/sms?phone=
Source: TA.exeString found in binary or memory: https://puser.hncsga.cn/api/user/sms?mobile=
Source: TA.exeString found in binary or memory: https://puser.hncsga.cn/api/user/sms?mobile=Accept:
Source: TA.exeString found in binary or memory: https://puser.hncsga.cn/register/create
Source: TA.exeString found in binary or memory: https://puser.hnzwfw.gov.cn:8081/api/user/sms?mobile=
Source: TA.exeString found in binary or memory: https://reg.suning.com/ajax/code/sms.do
Source: TA.exeString found in binary or memory: https://reg.yaofangwang.com/common/sendmsg
Source: TA.exeString found in binary or memory: https://reg.yaofangwang.com/common/sendmsg&exist=0&randNum=7442616&NECaptchaValidate=https://m.jd100
Source: TA.exeString found in binary or memory: https://sa.ec-ego.com:8080
Source: TA.exeString found in binary or memory: https://sa.ec-ego.com:8080/login?register=1&service=null%2Fj_spring_cas_security_check
Source: TA.exeString found in binary or memory: https://sa.ec-ego.com:8080/sms/smsCode/getCode?mobilePhone=
Source: TA.exeString found in binary or memory: https://seller.ishansong.com
Source: TA.exeString found in binary or memory: https://seller.ishansong.com/passport/captcha/sendMobileCaptcha
Source: TA.exeString found in binary or memory: https://seller.ishansong.com/passport/captcha/sendMobileCaptcha&inajax=1https://www.mydigit.cn/plugi
Source: TA.exeString found in binary or memory: https://seller.ishansong.com/user/home
Source: TA.exeString found in binary or memory: https://shop.decorte-cosmetics.cn
Source: TA.exeString found in binary or memory: https://shop.decorte-cosmetics.cn/api/shop/sms/send-sms-code.do
Source: TA.exeString found in binary or memory: https://shop.decorte-cosmetics.cn/api/shop/sms/send-sms-code.doHost:
Source: TA.exeString found in binary or memory: https://shop.decorte-cosmetics.cn/register.html
Source: TA.exeString found in binary or memory: https://shop.haojue.com/appapi/?url=/user/signup/code
Source: TA.exeString found in binary or memory: https://shop.haojue.com/appapi/?url=/user/signup/codehttps://bj.yqbiao.com/UserInfoArea/Users/GetSms
Source: TA.exeString found in binary or memory: https://sso.agora.io/api/verify/sms?phone=%2B86
Source: TA.exeString found in binary or memory: https://sso.agora.io/api/verify/sms?phone=%2B86:authority:
Source: TA.exeString found in binary or memory: https://sso.agora.io/cn/v2/verify
Source: TA.exeString found in binary or memory: https://sso.kuaidi100.com/sso/mobileapi.do?method=sendcode
Source: TA.exeString found in binary or memory: https://sso.kuaidi100.com/sso/mobileapi.do?method=sendcode&area_code=86&_=1592556911331https://www.x
Source: TA.exeString found in binary or memory: https://sso.ldmnq.com/regist
Source: TA.exeString found in binary or memory: https://sso.ldmnq.com/sms/getCode?type=reg&mobile=
Source: TA.exeString found in binary or memory: https://static.diantoushi.com
Source: TA.exeString found in binary or memory: https://static.diantoushi.com/dtsmobile/index.html
Source: TA.exeString found in binary or memory: https://uac.10010.com/portal/Service/SendMSG?callback=jQuery17205960549095114636_1596719990361&req_t
Source: TA.exeString found in binary or memory: https://uac.10010.com/portal/custLogin
Source: TA.exeString found in binary or memory: https://uc.maodou.com
Source: TA.exeString found in binary or memory: https://uc.maodou.com/u/login
Source: TA.exeString found in binary or memory: https://ucenter.rr.tv
Source: TA.exeString found in binary or memory: https://ucenter.rr.tv/
Source: TA.exeString found in binary or memory: https://ugc-web-api.rr.tv/ugc-api/user/captcha/send
Source: TA.exeString found in binary or memory: https://ugc-web-api.rr.tv/ugc-api/user/captcha/sendhttps://mis.51zouchuqu.com/us/v1/vericode/voice/-
Source: TA.exeString found in binary or memory: https://ums.gaoding.com
Source: TA.exeString found in binary or memory: https://ums.gaoding.com/api/users/verify-code
Source: TA.exeString found in binary or memory: https://ums.gaoding.com/cgi-bin?appid=gaodingx&redirect_uri=https%3A%2F%2Fwww.gaoding.com%2Fapi%2Fum
Source: TA.exeString found in binary or memory: https://user.360lj.com/ajax/sendMsg
Source: TA.exeString found in binary or memory: https://user.daojia.com/mobile/getcode?mobile=
Source: TA.exeString found in binary or memory: https://user.daojia.com/prelogin?returnUrl=https%3A%2F%2Fjzt.daojia.com%2Fhome%2Fpersonalcenternew%3
Source: TA.exeString found in binary or memory: https://user.hundun.cn/get_identify_code?clientType=pcweb&versionName=&imei=&net=&phone=
Source: TA.exeString found in binary or memory: https://user.ifeng.com
Source: TA.exeString found in binary or memory: https://user.ifeng.com/api/v1/sendsms?platform=w&systemid=1
Source: TA.exeString found in binary or memory: https://user.ifeng.com/api/v1/sendsms?platform=w&systemid=1send=1&phone=http://www.zhiqz.com/wp-cont
Source: TA.exeString found in binary or memory: https://user.ifeng.com/register/
Source: TA.exeString found in binary or memory: https://user.jl.gov.cn/register/natural/?redirect=http%3A%2F%2Fwww.changchun.gov.cn%2F
Source: TA.exeString found in binary or memory: https://user.jl.gov.cn/v1/apigw/app/user/naturalperson/sendsmscode?_t=1593091393018
Source: TA.exeString found in binary or memory: https://user.jl.gov.cn/v1/apigw/app/user/naturalperson/sendsmscode?_t=1593091393018&signkey=loginjsa
Source: TA.exeString found in binary or memory: https://user.liangjiaju.site/index.php/index/sms/send_sms/
Source: TA.exeString found in binary or memory: https://user.liangjiaju.site/index.php/index/sms/send_sms/&code=&type=4&codeType=1&clientNo=&userTok
Source: TA.exeString found in binary or memory: https://user.nxeduyun.com/register/getActcode?jstime=1593513385371
Source: TA.exeString found in binary or memory: https://v.sf-express.com
Source: TA.exeString found in binary or memory: https://v.sf-express.com/portal-sfkey/user/signin
Source: TA.exeString found in binary or memory: https://v.sf-express.com/portal-sfkey/user/signin&captchaId=&captchaTicket=https://passport.vip.com/
Source: TA.exeString found in binary or memory: https://v.sf-express.com/sf/?switchTab=register&lang=zh-CN
Source: TA.exeString found in binary or memory: https://v4.passport.sohu.com/i/smcode/mobile/sblmobile?mobile=
Source: TA.exeString found in binary or memory: https://v4.passport.sohu.com/i/smcode/mobile/sblmobile?mobile=:authority:
Source: TA.exeString found in binary or memory: https://vip.meishubao.com/ke/smscode.php
Source: TA.exeString found in binary or memory: https://wapi.laoyuegou.com/register/sendVerifyCode
Source: TA.exeString found in binary or memory: https://wapi.laoyuegou.com/register/sendVerifyCode&type=web&system=hroperateType=regandlogin&mobile=
Source: TA.exeString found in binary or memory: https://webapi.account.mihoyo.com/Api/create_mobile_captcha
Source: TA.exeString found in binary or memory: https://webservice.pandavedio.com/users/sms/send-auth-code?areaNo=86&category=1&phone=
Source: TA.exeString found in binary or memory: https://wechat.caiheshui.com/gw/user/userService/sendSMS
Source: TA.exeString found in binary or memory: https://wechat.caiheshui.com/gw/user/userService/sendSMS&token=&verify=mobileNumber=Accept:
Source: TA.exeString found in binary or memory: https://work.weixin.qq.com/wework_admin/register/boss/check/send_mobile_code/4Wew4RDLc06FNWor6rz79QF
Source: TA.exeString found in binary or memory: https://wulibao.ke.qq.com/
Source: TA.exeString found in binary or memory: https://wulibao.ke.qq.com/cgi-bin/tool/apply_sms_code?phone=
Source: TA.exeString found in binary or memory: https://www.114oc.com/user/send_t_token
Source: TA.exeString found in binary or memory: https://www.114yygh.com/
Source: TA.exeString found in binary or memory: https://www.114yygh.com/web/common/verify-code/get?_time=1592546859053&mobile=
Source: TA.exeString found in binary or memory: https://www.12345fund.com/api/v1/sf_fund/send_phone_message?mobile=
Source: TA.exeString found in binary or memory: https://www.1ddy.com
Source: TA.exeString found in binary or memory: https://www.1ddy.com/index.php/user/bind.html?ac=phone
Source: TA.exeString found in binary or memory: https://www.1ddy.com/index.php/user/bindmsg.html
Source: TA.exeString found in binary or memory: https://www.2redbeans.com
Source: TA.exeString found in binary or memory: https://www.2redbeans.com/en/app/api/v5/phone_number_verify
Source: TA.exeString found in binary or memory: https://www.2redbeans.com/en/app/api/v5/phone_number_verifyhttp://uss.lenovomm.com/accounts/1.4/send
Source: TA.exeString found in binary or memory: https://www.2redbeans.com/zh-CN/chinese-dating
Source: TA.exeString found in binary or memory: https://www.51zouchuqu.com
Source: TA.exeString found in binary or memory: https://www.51zouchuqu.com/
Source: TA.exeString found in binary or memory: https://www.55haitao.com/Member/get_sms_code
Source: TA.exeString found in binary or memory: https://www.56135.com
Source: TA.exeString found in binary or memory: https://www.56135.com/56135/reg/mobsvr.aspx
Source: TA.exeString found in binary or memory: https://www.56135.com/56135/reg/mobsvr.aspx&type=register&exp=JMShttps://sa.ec-ego.com:8080/sms/smsC
Source: TA.exeString found in binary or memory: https://www.56135.com/56135/reg/register.aspx
Source: TA.exeString found in binary or memory: https://www.66study.com
Source: TA.exeString found in binary or memory: https://www.66study.com/index/Base/sms
Source: TA.exeString found in binary or memory: https://www.66study.com/index/Base/smshttps://merc.aikucun.com/web/sms/authcode/sendhttp://www.napai
Source: TA.exeString found in binary or memory: https://www.66study.com/index/Register/index
Source: TA.exeString found in binary or memory: https://www.91cht.com/woxiang/control/mapi
Source: TA.exeString found in binary or memory: https://www.acadsoc.com.cn/Ajax/Web.UI.Fun.User.aspx?method=SMSCodeByVerifyImgWithGeetest
Source: TA.exeString found in binary or memory: https://www.adbid.net/wp-json/wnd/handler
Source: TA.exeString found in binary or memory: https://www.aihuaju.com/wap/index.php?act=security&op=send_reg_mobile&mobile=
Source: TA.exeString found in binary or memory: https://www.aihuaju.com/wap/register.html
Source: TA.exeString found in binary or memory: https://www.aihuazhu.com/
Source: TA.exeString found in binary or memory: https://www.aihuazhu.com/apic/sys/sms-code.json?mobile=
Source: TA.exeString found in binary or memory: https://www.airbnb.cn
Source: TA.exeString found in binary or memory: https://www.airbnb.cn/api/v2/phone_one_time_passwords?currency=CNY&key=d306zoyjsyarp7ifhu67rjxn52tv0
Source: TA.exeString found in binary or memory: https://www.airbnb.cn/login
Source: TA.exeString found in binary or memory: https://www.amazon.cn
Source: TA.exeString found in binary or memory: https://www.amazon.cn/ap/register
Source: TA.exeString found in binary or memory: https://www.amazon.cn/ap/register/460-9369769-9136854?_encoding=UTF8&openid.assoc_handle=cnflex&open
Source: TA.exeString found in binary or memory: https://www.amazon.cn/ap/registerhttps://www.rc0817.com/index.php?m=Home&c=Members&a=reg_send_sms&pa
Source: TA.exeString found in binary or memory: https://www.byai.com/byai/crm/mobileCaptcha/generate?mobile=
Source: TA.exeString found in binary or memory: https://www.caihaole.cn
Source: TA.exeString found in binary or memory: https://www.caihaole.cn/app/index.php?i=6&c=entry&m=ewei_shopv2&do=mobile&r=account.register&backurl
Source: TA.exeString found in binary or memory: https://www.caihaole.cn/app/index.php?i=6&c=entry&m=ewei_shopv2&do=mobile&r=account.verifycode
Source: TA.exeString found in binary or memory: https://www.caihaole.cn/app/index.php?i=6&c=entry&m=ewei_shopv2&do=mobile&r=account.verifycode&code=
Source: TA.exeString found in binary or memory: https://www.changingedu.com
Source: TA.exeString found in binary or memory: https://www.changingedu.com/beijing
Source: TA.exeString found in binary or memory: https://www.chaolian360.com/api/v1/captcha/sms
Source: TA.exeString found in binary or memory: https://www.chaolian360.com/api/v1/captcha/smstype=4&mobile=https://www.cnzhitao.com/ajax/send_v1512
Source: TA.exeString found in binary or memory: https://www.cnzhitao.com/ajax/send_v
Source: TA.exeString found in binary or memory: https://www.d7w.net/index.php?g=Member&m=Api&a=getmobilecode_binding&j=json&mobile=
Source: TA.exeString found in binary or memory: https://www.danke.com/web-api/user/send-text-verify-code
Source: TA.exeString found in binary or memory: https://www.dm1788.com/index.php?m=Sms&a=sendDouMeiSMS
Source: TA.exeString found in binary or memory: https://www.dominos.com.cn
Source: TA.exeString found in binary or memory: https://www.dominos.com.cn/dominos/user/user/sendRandomNum
Source: TA.exeString found in binary or memory: https://www.dominos.com.cn/dominos/user/user/sendRandomNum&Type=0act=SendSmsCode&Mobile=Host:
Source: TA.exeString found in binary or memory: https://www.dominos.com.cn/register
Source: TA.exeString found in binary or memory: https://www.dongmanmanhua.cn
Source: TA.exeString found in binary or memory: https://www.dongmanmanhua.cn/
Source: TA.exeString found in binary or memory: https://www.dongmanmanhua.cn/member/verificationCode/get
Source: TA.exeString found in binary or memory: https://www.farfetch.cn/cn/account/registermobile
Source: TA.exeString found in binary or memory: https://www.fengjr.com
Source: TA.exeString found in binary or memory: https://www.fengjr.com/api/v2/user/loginRegister/captcha/text?version=1.0
Source: TA.exeString found in binary or memory: https://www.fengjr.com/api/v2/user/loginRegister/captcha/text?version=1.0&Service=renthouse&Operatet
Source: TA.exeString found in binary or memory: https://www.fengjr.com/cn/
Source: TA.exeString found in binary or memory: https://www.fqpai.com
Source: TA.exeString found in binary or memory: https://www.fqpai.com/
Source: TA.exeString found in binary or memory: https://www.fqpai.com/tools/send/safe_mobile
Source: TA.exeString found in binary or memory: https://www.fqpai.com/tools/send/safe_mobilehttps://www.byai.com/byai/crm/mobileCaptcha/generate?mob
Source: TA.exeString found in binary or memory: https://www.fudaojun.com
Source: TA.exeString found in binary or memory: https://www.fudaojun.com/promotion.html
Source: TA.exeString found in binary or memory: https://www.gaotu100.co
Source: TA.exeString found in binary or memory: https://www.gaotu100.com
Source: TA.exeString found in binary or memory: https://www.gaotu100.com/download
Source: TA.exeString found in binary or memory: https://www.guazi.com/node/clientUc/Index/sendVerify?k=39af9fbbfbf7c8693ed220c00db30b7e
Source: TA.exeString found in binary or memory: https://www.guazi.com/node/clientUc/Index/sendVerify?k=39af9fbbfbf7c8693ed220c00db30b7eHost:
Source: TA.exeString found in binary or memory: https://www.gucci.cn/zh/member/sendRegistermobileMessage
Source: TA.exeString found in binary or memory: https://www.hexindai.com
Source: TA.exeString found in binary or memory: https://www.hexindai.com/auth_code?_=1593320256822
Source: TA.exeString found in binary or memory: https://www.hexindai.com/auth_code?_=1593320256822Accept:
Source: TA.exeString found in binary or memory: https://www.hexindai.com/register
Source: TA.exeString found in binary or memory: https://www.hm.com.cn
Source: TA.exeString found in binary or memory: https://www.hm.com.cn/zh_cn/customer/quick/create/
Source: TA.exeString found in binary or memory: https://www.hm.com.cn/zh_cn/customer/sms/sendSms/
Source: TA.exeString found in binary or memory: https://www.hm.com.cn/zh_cn/customer/sms/sendSms/Accept:
Source: TA.exeString found in binary or memory: https://www.huanxi.com
Source: TA.exeString found in binary or memory: https://www.huanxi.com/code/code/getVoiceCode
Source: TA.exeString found in binary or memory: https://www.huanxi.com/code/code/getVoiceCodeAccept:
Source: TA.exeString found in binary or memory: https://www.huanxi.com/player.shtml
Source: TA.exeString found in binary or memory: https://www.huaruisales.com/restful/customer/verify/sms
Source: TA.exeString found in binary or memory: https://www.huinong.org.cn/plugin.php?id=aljlogin&act=mobilelogin&referer=https%3A%2F%2Fwww.huinong.
Source: TA.exeString found in binary or memory: https://www.huinong.org.cn/plugin.php?id=aljyzm&formhash=20413a7f&from=mobilelogin&phone=
Source: TA.exeString found in binary or memory: https://www.huizhong.org/ucenter/register/sms
Source: TA.exeString found in binary or memory: https://www.huohuaschool.com
Source: TA.exeString found in binary or memory: https://www.huohuaschool.com/
Source: TA.exeString found in binary or memory: https://www.intertek.com.cn/Ajax/GetCode.aspx
Source: TA.exeString found in binary or memory: https://www.iqingren.com
Source: TA.exeString found in binary or memory: https://www.iqingren.com/Register.html
Source: TA.exeString found in binary or memory: https://www.iqingren.com/ajax/sendSmsFromLR3.do
Source: TA.exeString found in binary or memory: https://www.iqingren.com/ajax/sendSmsFromLR3.dohttp://www.ecncm.com.cn/register/sendcodehttp://www.1
Source: TA.exeString found in binary or memory: https://www.jiaoyimao.com
Source: TA.exeString found in binary or memory: https://www.jiaoyimao.com/api2/session/sendMobileVerificationCode
Source: TA.exeString found in binary or memory: https://www.jiaoyimao.com/session/loginByPhone
Source: TA.exeString found in binary or memory: https://www.jingdaka.com/bg/register/sendVerifyCode
Source: TA.exeString found in binary or memory: https://www.jingdaka.com/bg/register/sendVerifyCodeaction=get_msm_code&mobile=Accept:
Source: TA.exeString found in binary or memory: https://www.jinzhus.com
Source: TA.exeString found in binary or memory: https://www.jinzhus.com/user/regist/
Source: TA.exeString found in binary or memory: https://www.jinzhus.com/user/regist/sendverifycode/
Source: TA.exeString found in binary or memory: https://www.jinzhus.com/user/regist/sendverifycode/https://www.szsgzsh.com/Ajax/Web.UI.Fun.User.aspx
Source: TA.exeString found in binary or memory: https://www.jmqingting.com/api/api/get_phone_code?
Source: TA.exeString found in binary or memory: https://www.juhe.cn
Source: TA.exeString found in binary or memory: https://www.juhe.cn/register
Source: TA.exeString found in binary or memory: https://www.juhe.cn/sendsms
Source: TA.exeString found in binary or memory: https://www.juhe.cn/sendsms&domain=khjc.zjjytech.com&t=1593825811635apiname=sendCode&type=3&phone=ht
Source: TA.exeString found in binary or memory: https://www.kabrita.com.cn
Source: TA.exeString found in binary or memory: https://www.kabrita.com.cn/tools/manage.ashx
Source: TA.exeString found in binary or memory: https://www.kabrita.com.cn/tools/manage.ashx&source_style=3&uid=0&user_token=&device_type=&version=1
Source: TA.exeString found in binary or memory: https://www.kabrita.com.cn/user/reg.html
Source: TA.exeString found in binary or memory: https://www.kuaishou.com
Source: TA.exeString found in binary or memory: https://www.kuaishou.com/account/login/?sid=kuaishou.web.cp.api&redirectURL=https%3A%2F%2Fmcn.kuaish
Source: TA.exeString found in binary or memory: https://www.kujiale.com/api/useraccount/sms/switch/sendsms
Source: TA.exeString found in binary or memory: https://www.laoyuegou.com
Source: TA.exeString found in binary or memory: https://www.laoyuegou.com/
Source: TA.exeString found in binary or memory: https://www.luochen.com
Source: TA.exeString found in binary or memory: https://www.luochen.com/
Source: TA.exeString found in binary or memory: https://www.luochen.com/System/sendsms
Source: TA.exeString found in binary or memory: https://www.luochen.com/System/sendsmshttps://jucaijz.cn/api/member/sendphone?mobile=&type=1&_=15932
Source: TA.exeString found in binary or memory: https://www.mepai.me
Source: TA.exeString found in binary or memory: https://www.miitjob.cn/m/user_reg.php?act=reg_send_code
Source: TA.exeString found in binary or memory: https://www.miitjob.cn/m/user_reg.php?act=reg_send_codeis_email=0&type_nonce=d923be2c1f&_ajax_nonce=
Source: TA.exeString found in binary or memory: https://www.moretickets.com/openapi/pub/verify_codes/v1/send
Source: TA.exeString found in binary or memory: https://www.mydigit.cn/member.php?mod=register&mobile=2
Source: TA.exeString found in binary or memory: https://www.mydigit.cn/plugin.php?id=comiis_sms&action=register&comiis_tel=
Source: TA.exeString found in binary or memory: https://www.okcis.cn/php/baidu/baidu_getcode.php
Source: TA.exeString found in binary or memory: https://www.p2peye.com
Source: TA.exeString found in binary or memory: https://www.p2peye.com/member.php?mod=qqbinding&action=authentication
Source: TA.exeString found in binary or memory: https://www.p2peye.com/member.php?mod=qqbinding&action=authenticationcountryCode=86&phoneNumber=Host
Source: TA.exeString found in binary or memory: https://www.p2peye.com/member.php?mod=qqbinding&referer=//www.p2peye.com/member.php?mod=register
Source: TA.exeString found in binary or memory: https://www.rc0817.com/index.php?m=Home&c=Members&a=reg_send_sms
Source: TA.exeString found in binary or memory: https://www.renrenbao.com/?app=index/tel_code
Source: TA.exeString found in binary or memory: https://www.shanyhs.com
Source: TA.exeString found in binary or memory: https://www.shanyhs.com/new-pc/pc/
Source: TA.exeString found in binary or memory: https://www.shanyhs.com/sapi/gateway/shs-msg-api/v1/phone-code/new-pc
Source: TA.exeString found in binary or memory: https://www.so.com/link?m=aMj%2Fckgv2u4afKQdHbwcFno5g9JdoyHPYjP5tRBua2E1BmuXCYvbO1CjrmBJlKog1gaAqOeE
Source: TA.exeString found in binary or memory: https://www.so.com/link?m=ar%2BO4nyCCjE7hVSmBwsts3h9fRVtg8TuH9XdHu46dxAxKo4nv5eL9R7aayHxAOhI4R2rYdYS
Source: TA.exeString found in binary or memory: https://www.sohu.com/;
Source: TA.exeString found in binary or memory: https://www.sohu.com/?p=qq
Source: TA.exeString found in binary or memory: https://www.sypm.cn/captcha/send?mobileNumber=
Source: TA.exeString found in binary or memory: https://www.sypm.cn/register
Source: TA.exeString found in binary or memory: https://www.szsgzsh.com/Ajax/Web.UI.Fun.User.aspx?method=SMSCodeByVerifyImgWithGeetest
Source: TA.exeString found in binary or memory: https://www.tiffany.cn
Source: TA.exeString found in binary or memory: https://www.tiffany.cn/Customer/Account/CreateAccount.aspx
Source: TA.exeString found in binary or memory: https://www.tiffany.cn/Customer/Account/CreateAccount.aspx/SendVerificationCode
Source: TA.exeString found in binary or memory: https://www.tripadvisor.cn
Source: TA.exeString found in binary or memory: https://www.tripadvisor.cn/MemberPhoneVerification
Source: TA.exeString found in binary or memory: https://www.tripadvisor.cn/MemberPhoneVerificationHost:
Source: TA.exeString found in binary or memory: https://www.tripadvisor.cn/RegistrationController?flow=core_combined&pid=40486&locationId=13806634&r
Source: TA.exeString found in binary or memory: https://www.tuniu.com/?p=13718
Source: TA.exeString found in binary or memory: https://www.varena.com
Source: TA.exeString found in binary or memory: https://www.varena.com/match/132/info
Source: TA.exeString found in binary or memory: https://www.varena.com/user/api/auth/register/code
Source: TA.exeString found in binary or memory: https://www.varena.com/user/api/auth/register/codeAccept:
Source: TA.exeString found in binary or memory: https://www.vcg.com
Source: TA.exeString found in binary or memory: https://www.vcg.com/
Source: TA.exeString found in binary or memory: https://www.vcg.com/graphql
Source: TA.exeString found in binary or memory: https://www.vcg.com/graphql&_token=YlaZg7nMPApA8SzibrVlILUrWesYpArbxnxWorxr:authority:
Source: TA.exeString found in binary or memory: https://www.weaver.com.cn/subpage/util/tasteM.html?v=2
Source: TA.exeString found in binary or memory: https://www.xd.com/users/sendRegisterCode?callback=jQuery110204464549885546114_1592556911330&mobile=
Source: TA.exeString found in binary or memory: https://www.xhqb.com
Source: TA.exeString found in binary or memory: https://www.xhqb.com/auth/pass/sendRegisterPass
Source: TA.exeString found in binary or memory: https://www.xhqb.com/auth/pass/sendRegisterPasssendId=c04dc145-122e-4983-aa0e-a5503f55a8dd&phone=:au
Source: TA.exeString found in binary or memory: https://www.xhqb.com/m/ffpp.html?appChannel=baidpz02
Source: TA.exeString found in binary or memory: https://www.xxsy.net
Source: TA.exeString found in binary or memory: https://www.xxsy.net/Reg
Source: TA.exeString found in binary or memory: https://www.xxsy.net/Reg/Actions
Source: TA.exeString found in binary or memory: https://www.xxsy.net/Reg/Actionshttps://api2-mall.yidejia.com//api/user/send-sms?cps=0&mobile=cps=0&
Source: TA.exeString found in binary or memory: https://www.yimiaotui.com/api/sms/code
Source: TA.exeString found in binary or memory: https://www.ymm56.com/ymm-userCenter-app/user/verify?_t=1592699704516
Source: TA.exeString found in binary or memory: https://www.ymm56.com/ymm-userCenter-app/user/verify?_t=1592699704516&_hash_=db40656c-169d-4a79-99b1
Source: TA.exeString found in binary or memory: https://www.youcash.com/wechat-web/userLogin/sendnote?phone=
Source: TA.exeString found in binary or memory: https://www.youcash.com/wechat-web/userLogin/sendnote?phone=&imgcode=&sendtype=quicklogin&hpquid=q21
Source: TA.exeString found in binary or memory: https://www.youhro.com/user/send_smsapi
Source: TA.exeString found in binary or memory: https://www.youku.com/&hsiz=pb_0hGFSKKCugnXXWf6sig&fromSite=23&bizParams=
Source: TA.exeString found in binary or memory: https://www.zhaopingou.com
Source: TA.exeString found in binary or memory: https://www.zhaopingou.com/api/qz/ObtainSMSCode?timestamp=1591846888493
Source: TA.exeString found in binary or memory: https://www.zhaopingou.com/api/qz/ObtainSMSCode?timestamp=1591846888493&__hash__=gdwpK5liLxXHpKU3nLv
Source: TA.exeString found in binary or memory: https://www.zhaopingou.com/extension/?tn=hsg108&operator=waibao&cid=-1&k=95249107286x101pe
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004DB2DC GetKeyState,GetKeyState,GetKeyState,GetKeyState
Source: TA.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004D202A
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004680E0
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004D8A59
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004662D0
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_00482340
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_0045DC50
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004CDFA6
Source: C:\Users\user\Desktop\TA.exe | Code function: String function: 004C8378 appears 34 times
Source: TA.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\TA.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: TA.exe | String found in binary or memory: Cookie: as=6a5bcdd74a4e7558dce8600d4d105039; JSESSIONID=CE982E2E054DDA78BC945268668E4B83.web2; Hm_lvt_58a32508859466553c484458eb9740e8=1592797691; Hm_lvt_2c3784f03626d6f26635da62b9bfad4f=1592797691; nb-referrer-hostname=e.huanduguihua.com; AUI_SC=%7B%22oauth2_ref%22%3A%22http%3A%2F%2Fe.huanduguihua.com%2Faccount%2FmyCourseRedirect%2FtoCourse%22%7D; Hm_lpvt_2c3784f03626d6f26635da62b9bfad4f=1592797697; Hm_lpvt_58a32508859466553c484458eb9740e8=1592797697; nb-start-page-url=http%3A%2F%2Fe.huanduguihua.com%2FregisterRedirect.do%3Faction%3DtoRegister%26fromurl%3Dhttp%3A%2F%2Fe.huanduguihua.com%2Faccount%2FmyCourseRedirect%2FtoCourse
Source: classification engine | Classification label: mal68.winEXE@1/0@0/0
Source: TA.exe | Static file information: File size 1617920 > 1048576
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004C6240 push eax; ret 0_2_004C626E
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004C8378 push eax; ret 0_2_004C8396
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_0045D840 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,LoadTypeLib,LoadTypeLib,RegisterTypeLib,CLSIDFromString,UnRegisterTypeLib
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004C4876 IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\Desktop\TA.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TA.exe | API coverage: 6.8 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004D6C02 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA
Source: TA.exe | Binary or memory string: User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36phoneCode=86&loginId=15123456778&countryCode=CN&ua=125#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&umidGetStatusVal=255&screenPixel=360x720&navlanguage=zh-CN&navUserAgent=Mozilla/5.0 (Linux; U; Android 7.1.1; zh-cn; OPPO A83 Build/N6F26Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/70.0.3538.80 Mobile Safari/537.36 HeyTapBrowser/10.7.4.2&navPlatform=Linux armv8l&appName=youku&appEntrance=youku&_csrf_token=gmUee40aiKnxcA1aehI3&umidToken=298c48a7070e2c608941d5df9e9086a5ffcefd6b&isMobile=true&lang=zh_CN&returnUrl=https://www.youku.com/&hsiz=pb_0hGFSKKCugnXXWf6sig&fromSite=23&bizParams=
Source: TA.exe | Binary or memory string: phoneCode=86&loginId=15123456778&countryCode=CN&ua=125#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&umidGetStatusVal=255&screenPixel=360x720&navlanguage=zh-CN&navUserAgent=Mozilla/5.0 (Linux; U; Android 7.1.1; zh-cn; OPPO A83 Build/N6F26Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/70.0.3538.80 Mobile Safari/537.36 HeyTapBrowser/10.7.4.2&navPlatform=Linux armv8l&appName=youku&appEntrance=youku&_csrf_token=gmUee40aiKnxcA1aehI3&umidToken=298c48a7070e2c608941d5df9e9086a5ffcefd6b&isMobile=true&lang=zh_CN&returnUrl=https://www.youku.com/&hsiz=pb_0hGFSKKCugnXXWf6sig&fromSite=23&bizParams=
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004831A0 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004D0F1C GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004E092A GetVersion,InitializeCriticalSection
Source: C:\Users\user\Desktop\TA.exe | Code function: 0_2_004C77A0 GetLocalTime,GetSystemTime,GetTimeZoneInformation
MITRE ATT&CK matrix (a number in parentheses is the count of matched signatures mapped to that technique; cells without a number are unmatched techniques of the matrix template):

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
Valid Accounts | Command and Scripting Interpreter (2) | Path Interception | Path Interception | Deobfuscate/Decode Files or Information (1) | Input Capture (1) | System Time Discovery (2) | Remote Services | Input Capture (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
Default Accounts | Native API (1) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information (2) | LSASS Memory | Security Software Discovery (11) | Remote Desktop Protocol | Archive Collected Data (1) | Exfiltration Over Bluetooth | Junk Data | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Application Window Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | | | Data Encrypted for Impact | DNS Server | Email Addresses
Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | File and Directory Discovery (1) | Distributed Component Object Model | Input Capture | Traffic Duplication | Protocol Impersonation | | | Data Destruction | Virtual Private Server | Employee Names
Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery (3) | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
Behavior Graph ID: 1347278 | Sample: TA.exe | Start date: 24/11/2023 | Architecture: WINDOWS | Score: 68
Signatures on the sample node: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process: TA.exe started

Source | Detection | Scanner | Label
TA.exe | 48% | ReversingLabs | Win32.PUA.FlyStudio
TA.exe | 58% | Virustotal |
TA.exe | 100% | Avira | TR/Emotet.aisip
TA.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No contacted domains info
                                                              high
                                                              https://cloud.mfu.cn/index.php/auth/verifyContent-Type:TA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.xhqb.com/auth/pass/sendRegisterPasssendId=c04dc145-122e-4983-aa0e-a5503f55a8dd&phone=:auTA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://sa.ec-ego.com:8080/sms/smsCode/getCode?mobilePhone=TA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://m.qarc.cn/account/personcheck.aspxTA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.yfdyf.com/m/passport/reg.htmlTA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://pc.xiaoguo101.com/api/users/code/send?channelId=5dad2cc65a8c1c06ca91ce94https://account.babaTA.exefalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://v.aimsen.comTA.exefalse
                                                                high
                                                                https://www.xhqb.com/auth/pass/sendRegisterPassTA.exefalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://huaban.com/captcha/&username=fuguietrtoperFlag=sendMsgByPhone&mobilephone=https://www.91cht.TA.exefalse
                                                                  high
                                                                  https://zi.com/TA.exefalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://m.9ji.comTA.exefalse
                                                                    high
                                                                    http://gold800.com/home/backinterface/sendVerifycodeTA.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://srmemberapp.srgow.com/sys/captcha/Host:TA.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.boloni.com/cmobile/user/getToken.htmlTA.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.tripadvisor.cnTA.exefalse
                                                                      high
                                                                      No contacted IP infos
                                                                      Joe Sandbox Version:38.0.0 Ammolite
                                                                      Analysis ID:1347278
                                                                      Start date and time:2023-11-24 09:33:35 +01:00
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 3m 54s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample file name:TA.exe
                                                                      Detection:MAL
                                                                      Classification:mal68.winEXE@1/0@0/0
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 64%
                                                                      • Number of executed functions: 19
                                                                      • Number of non-executed functions: 78
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                      No simulations
                                                                      No context
                                                                      No created / dropped files found
                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):6.560661740138381
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.42%
                                                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                      • Windows Screen Saver (13104/52) 0.13%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      File name:TA.exe
                                                                      File size:1'617'920 bytes
                                                                      MD5:c11a8a38c5e29be8c6419d493dd2cbe4
                                                                      SHA1:952636f0d3a3620bbebc5c726d7a99788c0bbc4a
                                                                      SHA256:e2dd1c63b8a995b7616586157b8cecd43a460afccf052929cf852998b1ab4d3b
                                                                      SHA512:4ec817c290309ae809498165d45b2b0311f88ff30f41e0e42168bfcd4af6a28c7bf7826d95e4dec30ad562b2e0e097efda3468403ff96f96f59c0f9da90becbb
                                                                      SSDEEP:24576:xew4E6c2QUXSEairHrPcalE066ew+Gfmm0ea5S7XAf0MfgW+5K:xwQUXSEascQ66dKeOyXAMMfgvK
                                                                      TLSH:EF750602F643C0E2D5495AF1F67997F8A4B60E36C8758983DBF4FEA43C321B242A615D
                                                                      File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......".90f.Wcf.Wcf.Wc..\co.Wc..]c`.Wc..[cc.Wc0.DcK.Wc..YcJ.Wc..Dc|.Wcf.Vc..Wc...ce.WcP.\c..WcP.]c..Wc..\c..Wc..]c}.Wcf.Wc5.Wc..Qcg.W
                                                                      Icon Hash:311b7ae4d1713927
                                                                      Entrypoint:0x4c4c9d
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                      DLL Characteristics:
                                                                      Time Stamp:0x5F5C5D4C [Sat Sep 12 05:31:56 2020 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:96891102cbca0f96cc1dc62678401b5f
                                                                      Instruction
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push FFFFFFFFh
                                                                      push 0054FD88h
                                                                      push 004C754Ch
                                                                      mov eax, dword ptr fs:[00000000h]
                                                                      push eax
                                                                      mov dword ptr fs:[00000000h], esp
                                                                      sub esp, 58h
                                                                      push ebx
                                                                      push esi
                                                                      push edi
                                                                      mov dword ptr [ebp-18h], esp
                                                                      call dword ptr [004E6178h]
                                                                      xor edx, edx
                                                                      mov dl, ah
                                                                      mov dword ptr [005ACF7Ch], edx
                                                                      mov ecx, eax
                                                                      and ecx, 000000FFh
                                                                      mov dword ptr [005ACF78h], ecx
                                                                      shl ecx, 08h
                                                                      add ecx, edx
                                                                      mov dword ptr [005ACF74h], ecx
                                                                      shr eax, 10h
                                                                      mov dword ptr [005ACF70h], eax
                                                                      push 00000001h
                                                                      call 00007EFD316770EBh
                                                                      pop ecx
                                                                      test eax, eax
                                                                      jne 00007EFD31671F6Ah
                                                                      push 0000001Ch
                                                                      call 00007EFD31672028h
                                                                      pop ecx
                                                                      call 00007EFD31676E96h
                                                                      test eax, eax
                                                                      jne 00007EFD31671F6Ah
                                                                      push 00000010h
                                                                      call 00007EFD31672017h
                                                                      pop ecx
                                                                      xor esi, esi
                                                                      mov dword ptr [ebp-04h], esi
                                                                      call 00007EFD31676CC4h
                                                                      call dword ptr [004E6374h]
                                                                      mov dword ptr [005B21A4h], eax
                                                                      call 00007EFD31676B82h
                                                                      mov dword ptr [005ACEE4h], eax
                                                                      call 00007EFD3167692Bh
                                                                      call 00007EFD3167686Dh
                                                                      call 00007EFD31675B24h
                                                                      mov dword ptr [ebp-30h], esi
                                                                      lea eax, dword ptr [ebp-5Ch]
                                                                      push eax
                                                                      call dword ptr [004E6204h]
                                                                      call 00007EFD316767FEh
                                                                      mov dword ptr [ebp-64h], eax
                                                                      test byte ptr [ebp-30h], 00000001h
                                                                      je 00007EFD31671F68h
                                                                      movzx eax, word ptr [ebp+00h]
                                                                      Programming Language:
                                                                      • [C++] VS98 (6.0) SP6 build 8804
                                                                      • [ C ] VS98 (6.0) SP6 build 8804
                                                                      • [C++] VS98 (6.0) build 8168
                                                                      • [ C ] VS98 (6.0) build 8168
                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x158298 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b3000 | 0x170e4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe6000 | 0x710 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xe439a | 0xe5000 | False | 0.4267354240584061 | data | 6.407572341221376 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xe6000 | 0x74684 | 0x75000 | False | 0.3548218816773504 | data | 6.10125764336295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x15b000 | 0x571aa | 0x18000 | False | 0.3139851888020833 | data | 5.227541130594505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1b3000 | 0x170e4 | 0x18000 | False | 0.303741455078125 | data | 4.615276365659875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
TEXTINCLUDE | 0x1b3d9c | 0xb | ASCII text, with no line terminators | Chinese | China | 1.7272727272727273
TEXTINCLUDE | 0x1b3da8 | 0x16 | data | Chinese | China | 1.3636363636363635
TEXTINCLUDE | 0x1b3dc0 | 0x151 | C source, ASCII text, with CRLF line terminators | Chinese | China | 0.6201780415430267
WAVE | 0x1b3f14 | 0x1448 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz | Chinese | China | 0.8330123266563945
RT_CURSOR | 0x1b535c | 0x134 | data | Chinese | China | 0.5811688311688312
RT_CURSOR | 0x1b5490 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664
RT_CURSOR | 0x1b55c4 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805
RT_CURSOR | 0x1b56f8 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7
RT_CURSOR | 0x1b57ac | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967292, 3840 elements, 2nd "\377\370\017\377\377\374\037\377\377\376?\377\377\377\177\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.32792207792207795
RT_CURSOR | 0x1b58e0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.3246753246753247
RT_BITMAP | 0x1b5a14 | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.3598901098901099
RT_BITMAP | 0x1b5b80 | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480 | Chinese | China | 0.3407534246575342
RT_BITMAP | 0x1b5dc8 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.4444444444444444
RT_BITMAP | 0x1b5f0c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.26453488372093026
RT_BITMAP | 0x1b6064 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2616279069767442
RT_BITMAP | 0x1b61bc | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2441860465116279
RT_BITMAP | 0x1b6314 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.24709302325581395
RT_BITMAP | 0x1b646c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2238372093023256
RT_BITMAP | 0x1b65c4 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.19476744186046513
RT_BITMAP | 0x1b671c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.20930232558139536
RT_BITMAP | 0x1b6874 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.18895348837209303
RT_BITMAP | 0x1b69cc | 0x5e4 | Device independent bitmap graphic, 70 x 39 x 4, image size 1404 | Chinese | China | 0.34615384615384615
RT_BITMAP | 0x1b6fb0 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346
RT_BITMAP | 0x1b7068 | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.28296703296703296
RT_BITMAP | 0x1b71d4 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965
RT_ICON | 0x1b7318 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375
RT_ICON | 0x1b7600 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217
RT_ICON | 0x1b7728 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.26579320951141605
RT_MENU | 0x1c7f50 | 0xc | data | Chinese | China | 1.5
RT_MENU | 0x1c7f5c | 0x284 | data | Chinese | China | 0.5
RT_DIALOG | 0x1c81e0 | 0x98 | data | Chinese | China | 0.7171052631578947
RT_DIALOG | 0x1c8278 | 0x17a | data | Chinese | China | 0.5185185185185185
RT_DIALOG | 0x1c83f4 | 0xfa | data | Chinese | China | 0.696
RT_DIALOG | 0x1c84f0 | 0xea | data | Chinese | China | 0.6239316239316239
RT_DIALOG | 0x1c85dc | 0x8ae | data | Chinese | China | 0.39603960396039606
RT_DIALOG | 0x1c8e8c | 0xb2 | data | Chinese | China | 0.7359550561797753
RT_DIALOG | 0x1c8f40 | 0xcc | data | Chinese | China | 0.7647058823529411
RT_DIALOG | 0x1c900c | 0xb2 | data | Chinese | China | 0.6629213483146067
RT_DIALOG | 0x1c90c0 | 0xe2 | data | Chinese | China | 0.6637168141592921
RT_DIALOG | 0x1c91a4 | 0x18c | data | Chinese | China | 0.5227272727272727
RT_STRING | 0x1c9330 | 0x50 | data | Chinese | China | 0.85
RT_STRING | 0x1c9380 | 0x2c | data | Chinese | China | 0.5909090909090909
RT_STRING | 0x1c93ac | 0x78 | data | Chinese | China | 0.925
RT_STRING | 0x1c9424 | 0x1c4 | data | Chinese | China | 0.8141592920353983
RT_STRING | 0x1c95e8 | 0x12a | data | Chinese | China | 0.5201342281879194
RT_STRING | 0x1c9714 | 0x146 | data | Chinese | China | 0.6288343558282209
RT_STRING | 0x1c985c | 0x40 | data | Chinese | China | 0.65625
RT_STRING | 0x1c989c | 0x64 | data | Chinese | China | 0.73
RT_STRING | 0x1c9900 | 0x1d8 | data | Chinese | China | 0.6758474576271186
RT_STRING | 0x1c9ad8 | 0x114 | data | Chinese | China | 0.6376811594202898
RT_STRING | 0x1c9bec | 0x24 | data | Chinese | China | 0.4444444444444444
RT_GROUP_CURSOR | 0x1c9c10 | 0x14 | data | Chinese | China | 1.4
RT_GROUP_CURSOR | 0x1c9c24 | 0x14 | data | Chinese | China | 1.4
RT_GROUP_CURSOR | 0x1c9c38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25
RT_GROUP_CURSOR | 0x1c9c4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25
RT_GROUP_CURSOR | 0x1c9c60 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822
RT_GROUP_ICON | 0x1c9c84 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x1c9c98 | 0x14 | data | Chinese | China | 1.2
RT_GROUP_ICON | 0x1c9cac | 0x14 | data | Chinese | China | 1.25
RT_VERSION | 0x1c9cc0 | 0x254 | data | Chinese | China | 0.6057046979865772
RT_MANIFEST | 0x1c9f14 | 0x1cd | XML 1.0 document, ASCII text, with very long lines (461), with no line terminators | | | 0.5878524945770065
DLL | Import
WINMM.dll | midiOutReset, midiStreamStop, midiStreamRestart, waveOutUnprepareHeader, midiStreamClose, midiStreamOut, midiOutPrepareHeader, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutGetNumDevs, waveOutClose, waveOutReset, waveOutPause, waveOutWrite, waveOutPrepareHeader, waveOutRestart
WS2_32.dll | WSACleanup, accept, closesocket, inet_ntoa, ntohl, WSAAsyncSelect, getpeername, recv, ioctlsocket, recvfrom
KERNEL32.dll | SetLastError, GetTimeZoneInformation, GetVersion, CreateMutexA, ReleaseMutex, SuspendThread, InterlockedIncrement, InterlockedDecrement, LocalFree, FileTimeToSystemTime, FileTimeToLocalFileTime, lstrcpynA, DuplicateHandle, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, lstrcmpiA, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, lstrcmpA, LocalAlloc, TlsAlloc, GlobalHandle, TlsFree, TlsSetValue, LocalReAlloc, TlsGetValue, GetFileTime, GetCurrentThread, GlobalFlags, SetErrorMode, GetProcessVersion, GetCPInfo, GetOEMCP, GetStartupInfoA, RtlUnwind, GetSystemTime, GetLocalTime, RaiseException, HeapSize, GetACP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, TerminateProcess, GetCurrentProcess, GetFileSize, SetFilePointer, TerminateThread, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, lstrlenW, GetModuleFileNameA, WideCharToMultiByte, MultiByteToWideChar, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, FindFirstFileA, FindClose, GetFileAttributesA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, WaitForSingleObject, CloseHandle, InterlockedExchange
USER32.dll | ScrollWindowEx, IsDialogMessageA, SetWindowTextA, MoveWindow, CheckMenuItem, SetMenuItemBitmaps, GetMenuState, GetMenuCheckMarkDimensions, LoadStringA, GetSysColorBrush, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, RegisterClipboardFormatA, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ClientToScreen, EnumDisplaySettingsA, LoadImageA, SystemParametersInfoA, ShowWindow, IsWindowEnabled, TranslateAcceleratorA, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, SetWindowRgn, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, SendDlgItemMessageA, MapWindowPoints, AdjustWindowRectEx, GetScrollPos, RegisterClassA, GetMenuItemCount, GetMenuItemID, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, RegisterWindowMessageA, GetWindowPlacement, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, DestroyWindow, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, CharUpperA, GetWindowTextLengthA, GetWindowTextA, FindWindowExA, GetDlgItem, GetClassNameA, GetDesktopWindow, UnregisterClassA, LoadIconA, TranslateMessage, DestroyAcceleratorTable, DrawFrameControl, GetMessagePos, InflateRect
GDI32.dll | RoundRect, GetTextMetricsA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetViewportExtEx, GetCurrentObject, DPtoLP, LPtoDP, Rectangle, Ellipse, GetTextExtentPoint32A, CreateCompatibleDC, BitBlt, StartPage, StartDocA, DeleteDC, EndDoc, EndPage, GetObjectA, GetStockObject, CreateFontIndirectA, CreateSolidBrush, FillRgn, CreateRectRgn, CombineRgn, PatBlt, CreatePen, SelectObject, CreateBitmap, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, GetDIBits, RealizePalette, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, CreateRectRgnIndirect, SetBkColor, SaveDC, RestoreDC, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, ExcludeClipRect, MoveToEx, LineTo, ExtSelectClipRgn, GetDeviceCaps
WINSPOOL.DRV | ClosePrinter, DocumentPropertiesA, OpenPrinterA
comdlg32.dll | GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA, ChooseColorA
ADVAPI32.dll | RegQueryValueA, RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegCreateKeyExA
SHELL32.dll | Shell_NotifyIconA, ShellExecuteA
ole32.dll | CLSIDFromProgID, OleInitialize, OleUninitialize, CLSIDFromString, CoCreateInstance, OleRun
OLEAUT32.dll | SafeArrayCreate, SafeArrayDestroy, SysAllocString, SafeArrayPutElement, RegisterTypeLib, LHashValOfNameSys, LoadTypeLib, VariantInit, UnRegisterTypeLib, VariantCopy, VariantClear, VariantChangeType, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayGetDim, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetElement, VariantCopyInd
COMCTL32.dll | ImageList_Destroy
Language of compilation system | Country where language is spoken
Chinese | China
No network behavior found
[Process activity graphs over 0-100 s: one on a 0-100 scale, one on a 0-10 MB scale]
Target ID:0
Start time:09:34:21
Start date:24/11/2023
Path:C:\Users\user\Desktop\TA.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\TA.exe
Imagebase:0x400000
File size:1'617'920 bytes
MD5 hash:C11A8A38C5E29BE8C6419D493DD2CBE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.4%
Total number of Nodes:543
Total number of Limit Nodes:38

Executed Functions

Control-flow Graph
Function at 004831A0, basic blocks 4831a0-4836e4 (rendered graph with Executed / Not Executed block colouring; not recoverable from the text export). Calls made from the blocks, in graph order: GetProcessHeap, OleInitialize, GetModuleFileNameA, call 4c6c34, call 4d6137, call 4d62e9, SetCurrentDirectoryA, call 470b20 * 3, LoadCursorA, GetStockObject, call 466910, call 4d810e, GetCurrentThreadId, call 44e3a0 * 4, call 44dc70, call 4d6768, call 4dd8c4, call 4dd910, call 4dd0a5, call 459b00, call 4dd209, call 4dd181, call 4dd94d, call 4d67a6, call 44e3a0 * 2, call 4590c0, call 44de70, call 459a40, call 44de70 * 2, call 458a60, call 459140, call 4ad960 * 3, call 4ad960 * 3.

APIs
• GetProcessHeap.KERNEL32 ref: 004831C9
• OleInitialize.OLE32(00000000), ref: 00483205
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00483223
• SetCurrentDirectoryA.KERNEL32(024756B8,?), ref: 0048327D
• LoadCursorA.USER32(00000000,00007F00), ref: 004832D8
• GetStockObject.GDI32(00000005), ref: 004832F9
• GetCurrentThreadId.KERNEL32 ref: 00483321
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
• String ID: DgN$_EL_HideOwner
• API String ID: 3783217854-2273571843
• Opcode ID: 6573bc120fcd08392a50a9eb261ae532185e036a453b8d2307cc37febe671254
• Instruction ID: fdcd251d8525fff00b6bb89ed264e33e579b02e55b8cd79e2940b1d1866cb1fe
• Opcode Fuzzy Hash: 6573bc120fcd08392a50a9eb261ae532185e036a453b8d2307cc37febe671254
• Instruction Fuzzy Hash: 70E1C270A002059FCB14EF59CC91BEE77B4FF54709F14016EE909AB392DB38AA45CB68
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 004DFCAC: TlsGetValue.KERNEL32(005ACB54,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000,?,004D3860,00000000,00000000,00000000,00000000), ref: 004DFCEB
• CallNextHookEx.USER32(?,00000003,?,?), ref: 004D7EB4
• GetClassLongA.USER32(?,000000E6), ref: 004D7EFB
• GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 004D7F27
• lstrcmpiA.KERNEL32(?,ime), ref: 004D7F36
• GetWindowLongA.USER32(?,000000FC), ref: 004D7FA9
• SetWindowLongA.USER32(?,000000FC,00000000), ref: 004D7FCA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
• String ID: AfxOldWndProc423$ime
• API String ID: 3731301195-104836986
• Opcode ID: e1c9f2459cdcfed0721209c03a5f32d241a7cafa2983af9e1ffae3814bc006c8
• Instruction ID: 9de596a74c7267e2098c2726417f630085f57e074dab43b545ab25c25cb92664
• Opcode Fuzzy Hash: e1c9f2459cdcfed0721209c03a5f32d241a7cafa2983af9e1ffae3814bc006c8
• Instruction Fuzzy Hash: 7151B131604215AFCB219F64DC58B6F7BA8BF04361F11456BF915AB391EB38DD04CBA8
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• EnterCriticalSection.KERNEL32(005ACB70,005ACB44,00000000,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DF954
• GlobalAlloc.KERNELBASE(00002002,00000000,?,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DF9A9
• GlobalHandle.KERNEL32(006543C8), ref: 004DF9B2
• GlobalUnlock.KERNEL32(00000000,?,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DF9BB
• GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 004DF9CD
• GlobalHandle.KERNEL32(006543C8), ref: 004DF9E4
• GlobalLock.KERNEL32(00000000,?,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DF9EB
• LeaveCriticalSection.KERNEL32(}ML,?,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DF9F1
• GlobalLock.KERNEL32(00000000,?,?,005ACB54,005ACB54,004DFCE0,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000), ref: 004DFA00
• LeaveCriticalSection.KERNEL32(?), ref: 004DFA49
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
• String ID: }ML
• API String ID: 2667261700-2580881122
• Opcode ID: 0ed9c751770610c3b35159a883332169977f7610d81c8d4a3ab51a55195be274
• Instruction ID: 83611e0958350375e018c43e97e93ee5def499c17ac43c89ae27c1fd2ea16af3
• Opcode Fuzzy Hash: 0ed9c751770610c3b35159a883332169977f7610d81c8d4a3ab51a55195be274
• Instruction Fuzzy Hash: 8F31A0B1600705AFD7249F28DC99A2AB7E9EF44305F010A7FE896C7762E775E8488B14
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• __EH_prolog.LIBCMT ref: 004D7CB4
• GetPropA.USER32(?,AfxOldWndProc423), ref: 004D7CCC
• CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 004D7D2A
  • Part of subcall function 004D7897: GetWindowRect.USER32(?,?), ref: 004D78BC
  • Part of subcall function 004D7897: GetWindow.USER32(?,00000004), ref: 004D78D9
• SetWindowLongA.USER32(?,000000FC,?), ref: 004D7D5A
• RemovePropA.USER32(?,AfxOldWndProc423), ref: 004D7D62
• GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 004D7D69
• GlobalDeleteAtom.KERNEL32(00000000), ref: 004D7D70
  • Part of subcall function 004D7874: GetWindowRect.USER32(?,?), ref: 004D7880
• CallWindowProcA.USER32(?,?,?,?,00000000), ref: 004D7DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
• String ID: AfxOldWndProc423
• API String ID: 2397448395-1060338832
• Opcode ID: 9caa9fcf0e6dca13615981efc81154c1414d5d414bf407ff9bef612a2b403c0c
• Instruction ID: c43f365e85056147f42e60b23b584860e1c5b3cc66016076def448e6e92d9422
• Opcode Fuzzy Hash: 9caa9fcf0e6dca13615981efc81154c1414d5d414bf407ff9bef612a2b403c0c
• Instruction Fuzzy Hash: 8F31BE3280415ABBCF01AFA5DD59EFF7B79EF45314F00012BF901A6251EB398A10DBA9
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
Function at 004E053C, basic blocks 4e053c-4e059c (rendered graph with Executed / Not Executed block colouring; not recoverable from the text export). Calls made from the blocks, in graph order: SetErrorMode * 2, call 4df724 * 2, call 4df724, call 4e059f, call 4daf2f.

APIs
• SetErrorMode.KERNELBASE(00000000,00000000,004DC1DA,00000000,00000000,00000000,00000000,?,00000000,?,004D3860,00000000,00000000,00000000,00000000,004C4D7D), ref: 004E0545
• SetErrorMode.KERNELBASE(00000000,?,00000000,?,004D3860,00000000,00000000,00000000,00000000,004C4D7D,00000000), ref: 004E054C
  • Part of subcall function 004E059F: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004E05D0
  • Part of subcall function 004E059F: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 004E0671
  • Part of subcall function 004E059F: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 004E069E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
• String ID: }ML
• API String ID: 3389432936-2580881122
• Opcode ID: 5611d4f1a15e9461892856bf788e57f058eb97d6fb7b6f09476c5710fd60710f
• Instruction ID: 5126ce68953263f311205eef6b9d7fb433d220999a7f393460d0a5ec4d1895e8
• Opcode Fuzzy Hash: 5611d4f1a15e9461892856bf788e57f058eb97d6fb7b6f09476c5710fd60710f
• Instruction Fuzzy Hash: 01F0A9B4A042509FC724EF65D050A497BE8AF48310F0584AFF4549B3A3CBB8D840CFAA
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
Function at 0044DC90, basic blocks 44dc90-44dd56 (rendered graph with Executed / Not Executed block colouring; not recoverable from the text export). Calls made from the blocks, in graph order: call 44dd60, GetProcessHeap, RtlAllocateHeap, call 4ad980.

Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52d47daf2eae6346564c57be6076b865b2a3d0d90ac26795a9fd6b51b9346fb0
• Instruction ID: db89ed8f85784dd9dda7ccd1d5b72e64c27ff4349d6d94d434e46a580a19f2e1
• Opcode Fuzzy Hash: 52d47daf2eae6346564c57be6076b865b2a3d0d90ac26795a9fd6b51b9346fb0
• Instruction Fuzzy Hash: 6A213EB2B007008FE720DF6AE884A57F7E8EBA4765B10853FE159C7611D375E805CB54
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 9 basic blocks from 4c9e81 to 4c9edd. Block 4c9e81 calls HeapCreate and block 4c9ecb calls HeapDestroy; internal calls to 4c9d39, 4cd755 and 4ce29c.
APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000,004C4CFB,00000001), ref: 004C9E92
  • Part of subcall function 004C9D39: GetVersionExA.KERNEL32 ref: 004C9D58
• HeapDestroy.KERNEL32 ref: 004C9ED1
  • Part of subcall function 004CD755: HeapAlloc.KERNEL32(00000000,00000140,004C9EBA,000003F8), ref: 004CD762
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entry above (same source and associated dump files).
Similarity
• API ID: Heap$AllocCreateDestroyVersion
• String ID:
• API String ID: 2507506473-0
• Opcode ID: 2711aeb23006ba46fc36033523c7c16c49aa413f71e384f016ced726cee6b1e8
• Instruction ID: 5ca0a53a077d4e782b8114648d1d51012406ab5744cb6696afcea1e80c3f6000
• Opcode Fuzzy Hash: 2711aeb23006ba46fc36033523c7c16c49aa413f71e384f016ced726cee6b1e8
• Instruction Fuzzy Hash: E2F06C7961130166DBE05B315D49F2F2794D770752F14086FF505C81D1E778CD809519
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 5 basic blocks from 4d844b to 4d848f. Block 4d8466 calls DefWindowProcA and block 4d847a calls CallWindowProcA.
APIs
• DefWindowProcA.USER32(?,?,?,?), ref: 004D8472
• CallWindowProcA.USER32(?,?,?,?,?), ref: 004D8487
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entries above (same source and associated dump files).
Similarity
• API ID: ProcWindow$Call
• String ID:
• API String ID: 2316559721-0
• Opcode ID: faba5de038d817c3d0eefaf0937c76e7d36280abc6b783a97644f4ad5233f2cc
• Instruction ID: 7dc3968cd36eb2c14251df19428e5bae6973bc99bd8d7102da7d608aed01626c
• Opcode Fuzzy Hash: faba5de038d817c3d0eefaf0937c76e7d36280abc6b783a97644f4ad5233f2cc
• Instruction Fuzzy Hash: A1F0AC36101249FFDF219F95DC44EAA7BB9FF183A1B04852AF94586630DB32D860AB54
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 6 basic blocks from 4daf2f to 4daf8d. Block 4daf3a calls GetCurrentThreadId and SetWindowsHookExA; internal calls to 4df724, 4df4f7, 4dfd41 and 4dfcac.
APIs
• GetCurrentThreadId.KERNEL32 ref: 004DAF42
• SetWindowsHookExA.USER32(000000FF,004DB284,00000000,00000000), ref: 004DAF52
  • Part of subcall function 004DFD41: __EH_prolog.LIBCMT ref: 004DFD46
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entries above (same source and associated dump files).
Similarity
• API ID: CurrentH_prologHookThreadWindows
• String ID:
• API String ID: 2183259885-0
• Opcode ID: 18bfc288ae6b6b997c2f16b55f5c309a1524614fc4b99a9b5e62a957fef9b89c
• Instruction ID: f807ea01b9d943ab4977975be72e683a374ba75624b7fc4786974defe6f499ee
• Opcode Fuzzy Hash: 18bfc288ae6b6b997c2f16b55f5c309a1524614fc4b99a9b5e62a957fef9b89c
• Instruction Fuzzy Hash: FCF0A0326007406BC7303BB1A82DB5A3AD0AF01768F1506BFF5534A3E2CB6C9889875E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 6 basic blocks from 4d8080 to 4d80c9. Block 4d80a2 calls GetCurrentThreadId and SetWindowsHookExA; internal calls to 4dfcac and 4d3fb8.
APIs
  • Part of subcall function 004DFCAC: TlsGetValue.KERNEL32(005ACB54,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000,?,004D3860,00000000,00000000,00000000,00000000), ref: 004DFCEB
• GetCurrentThreadId.KERNEL32 ref: 004D80A2
• SetWindowsHookExA.USER32(00000005,004D7E8A,00000000,00000000), ref: 004D80B2
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entries above (same source and associated dump files).
Similarity
• API ID: CurrentHookThreadValueWindows
• String ID:
• API String ID: 933525246-0
• Opcode ID: 77209014498e4ddcd30d3fff216f07c703cc0e6ef6d269b3598123bb75bb86b9
• Instruction ID: f2cff284130588b22d49d57e5db42366450bbe0c7d1bce11a09dbc52d0d22105
• Opcode Fuzzy Hash: 77209014498e4ddcd30d3fff216f07c703cc0e6ef6d269b3598123bb75bb86b9
• Instruction Fuzzy Hash: A1E06571601B005EC3316F665815B2776E4FBE0B51F12467FE20687380D63498098F7D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 5 basic blocks from 4d857d to 4d85c2. Block 4d8587 calls GetWindowTextLengthA and GetWindowTextA; internal calls to 4d6607 and 4d65df.
APIs
• GetWindowTextLengthA.USER32(?), ref: 004D858A
• GetWindowTextA.USER32(?,00000000,00000000), ref: 004D85A2
  • Part of subcall function 004D65DF: lstrlenA.KERNEL32(?,00000100,004DBA88,000000FF,0055EE7C,00000000,000000FF,00000100,|U,0055EE7C,?,00000100,00000000,0045D2A0), ref: 004D65F2
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entries above (same source and associated dump files).
Similarity
• API ID: TextWindow$Lengthlstrlen
• String ID:
• API String ID: 288803333-0
• Opcode ID: ff85530cdc68d8fae279095be87dbc1477bb8da15dcc12150de19ecd164f7fe4
• Instruction ID: 754cee02f27077af11706367464bb1f7051de8a5c5ebf0baaf0fbf3bf650d8ea
• Opcode Fuzzy Hash: ff85530cdc68d8fae279095be87dbc1477bb8da15dcc12150de19ecd164f7fe4
• Instruction Fuzzy Hash: 2BE03931108201EFCB189F64E868C6A7BE5AFA8310B118A2EB456872B1CE31A841CB19
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (rendered as a figure in the report; not reproduced here): 16 basic blocks from 4c6585 to 4c6680. Block 4c6664 calls RtlAllocateHeap; internal calls to 4cc544 (from two blocks), 4cdaf1, 4c65ec, 4ce594 and 4c664b.
APIs
• RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 004C666C
  • Part of subcall function 004CC544: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC581
  • Part of subcall function 004CC544: EnterCriticalSection.KERNEL32(?,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC59C
Memory Dump Source and Joe Sandbox IDA Plugin snapshot: identical to the entries above (same source and associated dump files).
Similarity
• API ID: CriticalSection$AllocateEnterHeapInitialize
• String ID:
• API String ID: 1616793339-0
• Opcode ID: d8bc89fe536b4a81b92af55ffdb24975ff76ed435fa4285b97122eb899d0fbea
• Instruction ID: 5e66c8fab1fceaffc83b275e88fb1d93fd5480fb06ff0720992bf7aebd3b5e71
• Opcode Fuzzy Hash: d8bc89fe536b4a81b92af55ffdb24975ff76ed435fa4285b97122eb899d0fbea
• Instruction Fuzzy Hash: C9210636B00214ABDB90DB69DC42F9E77A8EB10724F25822FF414EB2C0C77CE9419A5C
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 322 4d79e7-4d7a3c call 4c8378 call 4dfcac 327 4d7a4c-4d7a56 322->327 328 4d7a3e-4d7a43 322->328 330 4d7a58-4d7a61 call 4d7874 327->330 331 4d7a66-4d7a71 call 4d8a15 327->331 328->327 329 4d7a45-4d7a47 328->329 329->327 330->331 333 4d7a77-4d7a80 331->333 334 4d7ac5-4d7ae1 333->334 335 4d7a82-4d7a8f call 4d7897 333->335 335->334
APIs
• __EH_prolog.LIBCMT ref: 004D79EC
  • Part of subcall function 004DFCAC: TlsGetValue.KERNEL32(005ACB54,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000,?,004D3860,00000000,00000000,00000000,00000000), ref: 004DFCEB
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: H_prologValue
• String ID:
• API String ID: 3700342317-0
• Opcode ID: e4a170ec094c078993e32931897f746cdc3c737b61339cb1522554e69a231f5d
• Instruction ID: 76c16f621a9649f3993d128120498ad93879a21339d10decd9dd1cd5e1bbc1ba
• Opcode Fuzzy Hash: e4a170ec094c078993e32931897f746cdc3c737b61339cb1522554e69a231f5d
• Instruction Fuzzy Hash: 93214672900209ABCF01DF54C881AEE7BB9FF44318F10406BF909AB341E779AE54CBA4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 339 4d810e-4d8171 call 4df724 343 4d8181-4d81b4 call 4d8080 CreateWindowExA call 4d80cc 339->343 344 4d8173-4d817f 339->344 350 4d81b9-4d81bb 343->350 348 4d81cf-4d81d1 344->348 351 4d81bd-4d81bf 350->351 352 4d81c7-4d81ce 350->352 351->352 352->348
APIs
• CreateWindowExA.USER32(00000000,00000080,00483321,?,?,?,?,?,?,?,?,?), ref: 004D81AC
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: a355703a82054e3011e150b9972b767433a2c183369d4316d27044d5149c0ead
• Instruction ID: 34adc0eb61b6438077f35b71b575aa95cb8fc07a932d06f392b50bb8ef1a6f84
• Opcode Fuzzy Hash: a355703a82054e3011e150b9972b767433a2c183369d4316d27044d5149c0ead
• Instruction Fuzzy Hash: 00319C79A00219AFCF01DFA8C844AEEBBF1BF5C304B15456AF918E7310D7359A519F94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 353 4654a0-4654d6 call 45ee80 356 4654dc-4654ea 353->356 357 4654d8-4654da 353->357 359 4654f5-4654f9 356->359 358 465543-465549 357->358 360 46550d-465529 KiUserCallbackDispatcher 359->360 361 4654fb-46550b 359->361 363 46553e 360->363 364 46552b-46553b 360->364 362 4654ec-4654f2 361->362 362->359 363->358 364->363
APIs
• KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?), ref: 0046550D
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 6e89aa943a3de9a2d92d8b3ce70426922a27c51abeca03959b079b1f7047bedc
• Instruction ID: 45efe66bd03f340d5675baa1cffeb0d449f355e52448ef667a07c7e5f82e83e8
• Opcode Fuzzy Hash: 6e89aa943a3de9a2d92d8b3ce70426922a27c51abeca03959b079b1f7047bedc
• Instruction Fuzzy Hash: C9211074A00209EFCB04CF99C584AEEBBB5FF48355F10816AE8099B341D734AE81CB95
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(?,?,?,?), ref: 004D9525
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 8f7576425cf19c3deec8956cfb221486bfe255350af551a60c9dfdfdbe2588ab
• Instruction ID: 4937815a7516a28d50c1a4e03df4f40ae7d7cc8248f465135b0c1aa018df21bf
• Opcode Fuzzy Hash: 8f7576425cf19c3deec8956cfb221486bfe255350af551a60c9dfdfdbe2588ab
• Instruction Fuzzy Hash: D6F06D33100209BFEF529F50E860BEA372AAF00350F50403BFD19A9261C336DD61DB58
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a0a6ae5103da4e7f270c4c053e0552e5006f4f9a73a776912ff52ab38d73b738
• Instruction ID: 7f3b56547e9a4fee48db88d2104f6fffcce83e4388cd75423181d2d1d3f8e4fc
• Opcode Fuzzy Hash: a0a6ae5103da4e7f270c4c053e0552e5006f4f9a73a776912ff52ab38d73b738
• Instruction Fuzzy Hash: 7CF0A032018219FFCF125F919D10EEF3B28AF05761F008043FA0555211D339D660EBAA
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadStringA.USER32(?,?,?,?), ref: 004DBAAD
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: LoadString
• String ID:
• API String ID: 2948472770-0
• Opcode ID: c3bae8fd1673283fdd51d21ee33b6d04828270a48c0e711db11ba3724cd72a1f
• Instruction ID: 685ff4fa7c8730cd21f192ab32986505bfd1df21e2cb7b508ba9da780e490e0a
• Opcode Fuzzy Hash: c3bae8fd1673283fdd51d21ee33b6d04828270a48c0e711db11ba3724cd72a1f
• Instruction Fuzzy Hash: D6D05E721083A19BCB119F908844C8BBBA4AF55260B050C0EF49043213C324C444876A
Uniqueness

Uniqueness Score: -1.00%

APIs
• ShowWindow.USER32(?,?,004DB144,?,?,?,00000363,00000001,00000000,?,?,?,004DA9A9,?), ref: 004DA592
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 0830965a249a80d5977f33be4815df061f79ba56262facb925ec6141dc026488
• Instruction ID: 96512b08482fdb56da6138a53cd10b8f3281e18112d9b73c7c0d5d0f97903995
• Opcode Fuzzy Hash: 0830965a249a80d5977f33be4815df061f79ba56262facb925ec6141dc026488
• Instruction Fuzzy Hash: E6D09E30304200AFCB058F60D954A1A77A1BF95705F604969E1468A261D736DC62EB16
Uniqueness

Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,00000000,0057EF98,00000000), ref: 0045D924
                                                                      • LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,?,0055ECD4,?,?,?,?,?,?,00000000,0057EF98,00000000), ref: 0045D961
                                                                      • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 0045D997
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,0057EF98,00000000), ref: 0045D9A2
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,0057EF98,00000000), ref: 0045D9B0
                                                                      • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0045DABD
                                                                      • RegisterTypeLib.OLEAUT32(00000000,00000000), ref: 0045DAF2
                                                                      • CLSIDFromString.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,0057EF98,00000000), ref: 0045DBB7
                                                                      • UnRegisterTypeLib.OLEAUT32(?,00000000,00000000,00000000,00000001), ref: 0045DBD3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Library$LoadType$FreeRegister$AddressFromProcString
                                                                      • String ID: DllRegisterServer$DllUnregisterServer
                                                                      • API String ID: 2476498075-2931954178
                                                                      • Opcode ID: 0ada414cba6e6334da734b08fa92407a1e18be5fb9c253f7856fe077d546ad65
                                                                      • Instruction ID: 504529da1826606cc144151f4dc041437bfd7490746e58532ec9cce85ba5bf9a
                                                                      • Opcode Fuzzy Hash: 0ada414cba6e6334da734b08fa92407a1e18be5fb9c253f7856fe077d546ad65
                                                                      • Instruction Fuzzy Hash: 7FB193B19002499BDB10EFA5C855BAE77B8EF54318F11411EFC15AB382DB38AE09CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCurrentThreadId.KERNEL32 ref: 0045DC75
                                                                      • IsWindow.USER32(00010462), ref: 0045DC91
                                                                      • SendMessageA.USER32(00010462,000083E7,?,00000000), ref: 0045DCAA
                                                                      • ExitProcess.KERNEL32 ref: 0045DCBF
                                                                      • FreeLibrary.KERNEL32(?), ref: 0045DDA3
                                                                      • FreeLibrary.KERNEL32 ref: 0045DDF7
                                                                      • DestroyIcon.USER32(00030461), ref: 0045DE47
                                                                      • DestroyIcon.USER32(00010475), ref: 0045DE5E
                                                                      • IsWindow.USER32(00010462), ref: 0045DE75
                                                                      • DestroyIcon.USER32(?,00000001,00000000,000000FF), ref: 0045DF24
                                                                      • WSACleanup.WS2_32 ref: 0045DF6F
                                                                      Similarity
                                                                      • API ID: DestroyIcon$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
                                                                      • String ID:
                                                                      • API String ID: 3816745216-0
                                                                      • Opcode ID: c7338d1aacbe7236a221afee4c9d2e1a216819ce5da70dac32fe5b88c8d5e2a1
                                                                      • Instruction ID: 27d7a65dbfe2ba99ab0ebc0978efec8cc19ccbe631589b13ec032aacfbb10531
                                                                      • Opcode Fuzzy Hash: c7338d1aacbe7236a221afee4c9d2e1a216819ce5da70dac32fe5b88c8d5e2a1
                                                                      • Instruction Fuzzy Hash: 3DB19D70A00B019BD734DF65C8D1BABB3E5BF58305F50452EE96A8B392CB34B949CB48
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004D6C07
                                                                      • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 004D6C25
                                                                      • lstrcpynA.KERNEL32(?,?,00000104), ref: 004D6C34
                                                                      • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 004D6C68
                                                                      • CharUpperA.USER32(?), ref: 004D6C79
                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 004D6C8F
                                                                      • FindClose.KERNEL32(00000000), ref: 004D6C9B
                                                                      • lstrcpyA.KERNEL32(?,?), ref: 004D6CAB
                                                                      Similarity
                                                                      • API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
                                                                      • String ID:
                                                                      • API String ID: 304730633-0
                                                                      • Opcode ID: 3af43b129c74ae213abd0df4b480e6027b0d211dcacf16ca2e6aa41b37c8a472
                                                                      • Instruction ID: a92251aed4a5c5059a29a32a6ba2e51078317aaf5c4fe728c2c763367769680c
                                                                      • Opcode Fuzzy Hash: 3af43b129c74ae213abd0df4b480e6027b0d211dcacf16ca2e6aa41b37c8a472
                                                                      • Instruction Fuzzy Hash: 8D21AF31900158ABCB10DF65DC88EEF7F7CEF557A0F01812AF919E6261D7388A05CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 004CC544: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC581
                                                                        • Part of subcall function 004CC544: EnterCriticalSection.KERNEL32(?,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC59C
                                                                        • Part of subcall function 004CC5A5: LeaveCriticalSection.KERNEL32(?,004C6652,00000009,004C663E,00000000,?,00000000,00000000,00000000), ref: 004CC5B2
                                                                      • GetTimeZoneInformation.KERNEL32(0000000C,?,?,?,0000000B,0000000B,?,004D0F0D,004D0B36,?,?,?,?,004C786E,?,?), ref: 004D0F6A
                                                                      • WideCharToMultiByte.KERNEL32(00000220,005AD18C,000000FF,0000003F,00000000,?,?,004D0F0D,004D0B36,?,?,?,?,004C786E,?,?), ref: 004D1000
                                                                      • WideCharToMultiByte.KERNEL32(00000220,005AD1E0,000000FF,0000003F,00000000,?,?,004D0F0D,004D0B36,?,?,?,?,004C786E,?,?), ref: 004D1039
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
                                                                      • String ID: L'W
                                                                      • API String ID: 3442286286-2836126596
                                                                      • Opcode ID: c019a3f956d9b7139110b1387eaa0832b078e8afd6c58bd4b836a4081c837d20
                                                                      • Instruction ID: 12ea676991a6e5e5fc3fb63560985b11c004a3fedb2340e53776f4383ef1803c
                                                                      • Opcode Fuzzy Hash: c019a3f956d9b7139110b1387eaa0832b078e8afd6c58bd4b836a4081c837d20
                                                                      • Instruction Fuzzy Hash: 30610570504251BAD729AF25FD62B6A3FA8FB16310F14012FE949873B1D37849C6E729
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLocalTime.KERNEL32(?), ref: 004C77AD
                                                                      • GetSystemTime.KERNEL32(?), ref: 004C77B7
                                                                      • GetTimeZoneInformation.KERNEL32(?), ref: 004C780C
                                                                      Similarity
                                                                      • API ID: Time$InformationLocalSystemZone
                                                                      • String ID:
                                                                      • API String ID: 2475273158-0
                                                                      • Opcode ID: 969c42104a5016c89dbbe8afdcef2bf8c8e76a8f67bd1929b8ae8fe2ae0c30f3
                                                                      • Instruction ID: 5f92756b889d26b9b55bfc7a91e39e46369f6d3fd0ef0b806c24da87ce073921
                                                                      • Opcode Fuzzy Hash: 969c42104a5016c89dbbe8afdcef2bf8c8e76a8f67bd1929b8ae8fe2ae0c30f3
                                                                      • Instruction Fuzzy Hash: 68212F2D804119DACB61BFA8D848EFFB7B9BB15710F500116FA15A62D0E3788D86DB78
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b44b918602f9d554e2c32a75c7762b28b495a78629ba9b5d1ca8a3d4ff6f61d6
                                                                      • Instruction ID: 4f34807882bfb299c9a8f910f0b28e3c57600a5fd4444ebe413873007a2a3f37
                                                                      • Opcode Fuzzy Hash: b44b918602f9d554e2c32a75c7762b28b495a78629ba9b5d1ca8a3d4ff6f61d6
                                                                      • Instruction Fuzzy Hash: 09F01D3D500189AADF416FA1DD54FAE3BA8AF44348F44802EF816D5061D738CA159B79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetKeyState.USER32(00000010), ref: 004DB303
                                                                      • GetKeyState.USER32(00000011), ref: 004DB30C
                                                                      • GetKeyState.USER32(00000012), ref: 004DB315
                                                                      Similarity
                                                                      • API ID: State
                                                                      • String ID:
                                                                      • API String ID: 1649606143-0
                                                                      • Opcode ID: a8801f79ffd367ea5737210e07a9c6838b57784ace315a8b6fb0035ed0de8f39
                                                                      • Instruction ID: a68b48ea995e66c05d84271410fac0f084828a5cdd1d9a58fc63904572c6c7cf
                                                                      • Opcode Fuzzy Hash: a8801f79ffd367ea5737210e07a9c6838b57784ace315a8b6fb0035ed0de8f39
                                                                      • Instruction Fuzzy Hash: 63E02B34500649DDEF005782CB50FF52690CF047D0F834857EE80AB291C7A88842B7EC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004D8A5E
                                                                      • GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 004D8C11
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: H_prologVersion
                                                                      • String ID:
                                                                      • API String ID: 1836448879-0
                                                                      • Opcode ID: 792281d8a8489ada074eae6b6c3c5c086b985369aa62140145853d24903462c4
                                                                      • Instruction ID: ed398a3d42865ecbc70f25a441c1e7304f7ff310a58e66a42b7bef973616eead
                                                                      • Opcode Fuzzy Hash: 792281d8a8489ada074eae6b6c3c5c086b985369aa62140145853d24903462c4
                                                                      • Instruction Fuzzy Hash: 47E16B70604219ABDB14DF65CCA0ABF77A9EF04714F10855FF816DA382DB38EA01DB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetVersion.KERNEL32(?,004E09CD,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004E093D
                                                                      • InitializeCriticalSection.KERNEL32(005ACCE0,?,004E09CD,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F,004DAF1F), ref: 004E0962
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalInitializeSectionVersion
                                                                      • String ID:
                                                                      • API String ID: 385228656-0
                                                                      • Opcode ID: da500562644aeb542b1fc652f71b38f65c6ed0cef8a807e923462532744102ca
                                                                      • Instruction ID: 40dea5f5b85a13d5514cafa9b5d9dd6a2789779c7c88f19b5d664bca45f50eef
                                                                      • Opcode Fuzzy Hash: da500562644aeb542b1fc652f71b38f65c6ed0cef8a807e923462532744102ca
                                                                      • Instruction Fuzzy Hash: 43E086704802518BFB135F06FD053967FA9B737312F400016E01959167C7F95885D68C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1659829dac62dfabc3edc44c1c4159b017eae97ebd1c8c266f2be7eadf858eb2
                                                                      • Instruction ID: ab763fe70ea7398f6dea8ecad38705bb9d861929e6c5023466c2c631393cedb1
                                                                      • Opcode Fuzzy Hash: 1659829dac62dfabc3edc44c1c4159b017eae97ebd1c8c266f2be7eadf858eb2
                                                                      • Instruction Fuzzy Hash: B9926471604B418FD329CF29C1906ABBBE2BF99304F248D2EC5DB87B61D674B845CB45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c4cca6a1b4d654e0ff73fa36bd6f0b56a0b9b26491df436a03da666ed77d6be5
                                                                      • Instruction ID: 212ed0fe82069d79e1348df3f2e8e8fba631e16d0711e39cbfae2947714c133f
                                                                      • Opcode Fuzzy Hash: c4cca6a1b4d654e0ff73fa36bd6f0b56a0b9b26491df436a03da666ed77d6be5
                                                                      • Instruction Fuzzy Hash: 8332A670E00605DFCB14DFA9C891BAEB7B5BF48314F24426EE415A7381EB78AD41CB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8de0d625c6b4c12d9b31367d47feb6f82eb3ad3201da0f80bc8c66c2d7cfb426
                                                                      • Instruction ID: 3c8ce7ed79edbe86a5ecfc5338c7058b5bd3f35768aac8e463ae66f264a02f03
                                                                      • Opcode Fuzzy Hash: 8de0d625c6b4c12d9b31367d47feb6f82eb3ad3201da0f80bc8c66c2d7cfb426
                                                                      • Instruction Fuzzy Hash: 11E1D131D45219DEEF258F64CA657BEBBB1BB74300F28406BE941A6381C3FD8982D719
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a516ef1941e70e3fd6244ab4613590ac7db147817fed8907f73bf36dfc0d2483
                                                                      • Instruction ID: 39f09528e3990f912769509487c4b54681096c129de1cde2cde089e980a11139
                                                                      • Opcode Fuzzy Hash: a516ef1941e70e3fd6244ab4613590ac7db147817fed8907f73bf36dfc0d2483
                                                                      • Instruction Fuzzy Hash: 1FC1CB715087908FD725CE09C0A53ABBBE2AF91704F9A455FE48247362FA3C9C59CB4B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                      • Instruction ID: b1f5bd235a738c04b678cca883465b2212c59e00ef3455c4b0fc60486cd72d95
                                                                      • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                      • Instruction Fuzzy Hash: 94B18D3990021ADFDB15CF05C5D0BA9BBA1BF58318F28C1AED81A5B342C735EE52CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 004DA41C: GetWindowLongA.USER32(?,000000F0), ref: 004DA428
                                                                      • GetParent.USER32(?), ref: 004D9AE1
                                                                      • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 004D9B04
                                                                      • GetWindowRect.USER32(?,?), ref: 004D9B1D
                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 004D9B30
                                                                      • CopyRect.USER32(?,?), ref: 004D9B7D
                                                                      • CopyRect.USER32(?,?), ref: 004D9B87
                                                                      • GetWindowRect.USER32(00000000,?), ref: 004D9B90
                                                                      • CopyRect.USER32(?,?), ref: 004D9BAC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                      • String ID: ($@
                                                                      • API String ID: 808654186-1311469180
                                                                      • Opcode ID: df412912238d5e8f05e5c975a32771c14857713f2a887202c10db23084179afd
                                                                      • Instruction ID: 6ee6417109053931a0b90e21fc91f691cda67ff9bed7d6a15da86026a4de1d8a
                                                                      • Opcode Fuzzy Hash: df412912238d5e8f05e5c975a32771c14857713f2a887202c10db23084179afd
                                                                      • Instruction Fuzzy Hash: 94516076A00219AFCB10DBA8DC99EEEBBB9AF44314F15412BE901F7385D734ED058B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(USER32,?,?,?,004C4881), ref: 004C476A
• GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 004C4782
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 004C4793
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 004C47A4
• GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 004C47B5
• GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 004C47C6
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 004C47D7
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
• API String ID: 667068680-2376520503
• Opcode ID: aaaccefbde70baf68657c3e89ce7998a5bc9f44ebaa1519f353dcbcaeed026d1
• Instruction ID: 0edeb5687ef78a42d8b28f24b1cfade7290c7e117daf3566240b847f8f1d689d
• Opcode Fuzzy Hash: aaaccefbde70baf68657c3e89ce7998a5bc9f44ebaa1519f353dcbcaeed026d1
• Instruction Fuzzy Hash: CC118E7DA002089FC741AF65ACD3D6ABEE4B39FB54390083FD005D2691DB364489AF78
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 004DFCAC: TlsGetValue.KERNEL32(005ACB54,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB,?,00000000,?,004D3860,00000000,00000000,00000000,00000000), ref: 004DFCEB
• RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 004D4604
• RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 004D4610
• RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 004D461C
• RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 004D4628
• RegisterClipboardFormatA.USER32(commdlg_help), ref: 004D4634
• RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 004D4640
  • Part of subcall function 004DA2D9: SetWindowLongA.USER32(?,000000FC,00000000), ref: 004DA308
• SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 004D4733
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: ClipboardFormatRegister$LongMessageSendValueWindow
• String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
• API String ID: 3913284445-3888057576
• Opcode ID: 8dc45b6c36c6f285d822db7dd10d96786c96af3b66a981236ef73c548b0d2c9c
• Instruction ID: daf3fe51e2cc270f2e7f805edac00c09ff09f807811401f79e8ad62873c578dc
• Opcode Fuzzy Hash: 8dc45b6c36c6f285d822db7dd10d96786c96af3b66a981236ef73c548b0d2c9c
• Instruction Fuzzy Hash: E641B231600204AFCF219F65EC69AAE3FE5FB92355F01042BF8469B3A1C7799850DF99
Uniqueness

Uniqueness Score: -1.00%

APIs
• VariantInit.OLEAUT32(?), ref: 0044BA9B
• VariantInit.OLEAUT32(00000000), ref: 0044BACA
• VariantCopyInd.OLEAUT32(00000000), ref: 0044BAD2
• SafeArrayGetElement.OLEAUT32(?,?,?), ref: 0044BB75
  • Part of subcall function 00465910: HeapAlloc.KERNEL32(00640000,00000000,00000008,?,?,0044BA31,00000008,?), ref: 00465921
• VariantCopyInd.OLEAUT32(?), ref: 0044BD55
• VariantChangeType.OLEAUT32(00000000,?,00000000,?), ref: 0044BD70
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Variant$CopyInit$AllocArrayChangeElementHeapSafeType
• String ID: ]T$]T
• API String ID: 3823512745-3709380629
• Opcode ID: 6b678fbbcc9d018e0035369ead35b31dead8205d199d8da095210e74ab43cc1a
• Instruction ID: 2e9e65c7c4d547c0d5b384b4df77b564669e02b66c11ac7bb89505709a414bc5
• Opcode Fuzzy Hash: 6b678fbbcc9d018e0035369ead35b31dead8205d199d8da095210e74ab43cc1a
• Instruction Fuzzy Hash: AAD169B4508341CFE714DF15C884A6ABBE5FF88754F20892EE88987361E738D945CBD6
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcAddress.KERNEL32(00000000,0056ED94), ref: 0045CF37
• LoadLibraryA.KERNEL32(?,?,0057F168), ref: 0045D029
• LoadLibraryA.KERNEL32(?,?), ref: 0045D06F
• LoadLibraryA.KERNEL32(?,?,0057F070,00000001), ref: 0045D0B7
• LoadLibraryA.KERNEL32(00000001), ref: 0045D0CD
• GetProcAddress.KERNEL32(00000000,?), ref: 0045D0DF
• FreeLibrary.KERNEL32(00000000), ref: 0045D172
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Library$Load$AddressProc$Free
• String ID: LU$dU
• API String ID: 3120990465-537161074
• Opcode ID: 7b0867114aa77441a6a8dc7890b56c23a84eb0d8f4e44162e15c038781de695e
• Instruction ID: 5c988fee3cc78004d185fbc8f948aaddbecf6aae1c4a7f1822ce152653e3df38
• Opcode Fuzzy Hash: 7b0867114aa77441a6a8dc7890b56c23a84eb0d8f4e44162e15c038781de695e
• Instruction Fuzzy Hash: CCA1B2B1A00701ABD724DF65C881B6BB7A8BF99714F04462EFC5587342D738E909CB9A
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,004C4D33), ref: 004C996B
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,004C4D33), ref: 004C997F
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,004C4D33), ref: 004C99AB
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004C4D33), ref: 004C99E3
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004C4D33), ref: 004C9A05
• FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,004C4D33), ref: 004C9A1E
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,004C4D33), ref: 004C9A31
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004C9A6F
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: EnvironmentStrings$ByteCharFreeMultiWide
• String ID: 3ML
• API String ID: 1823725401-3822173736
• Opcode ID: e483cfc5f5aeb521f79a85cf47a95b6715d7a2f25bbe213e38bf0766362fa6ce
• Instruction ID: 8311a7a0ebf6eaaeffef1d74011a14a713670c630a20263484ad5a008c6b4dfc
• Opcode Fuzzy Hash: e483cfc5f5aeb521f79a85cf47a95b6715d7a2f25bbe213e38bf0766362fa6ce
• Instruction Fuzzy Hash: 8C3107BA5082917FD7A07BB46CCCE3B769CE655354B12093FF542C3311EA2A8C4186AD
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetStockObject.GDI32(00000011), ref: 004DC09F
• GetStockObject.GDI32(0000000D), ref: 004DC0A7
• GetObjectA.GDI32(00000000,0000003C,?), ref: 004DC0B4
• GetDC.USER32(00000000), ref: 004DC0C3
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004DC0DA
• MulDiv.KERNEL32(?,00000048,00000000), ref: 004DC0E6
• ReleaseDC.USER32(00000000,00000000), ref: 004DC0F1
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Object$Stock$CapsDeviceRelease
• String ID: System
• API String ID: 46613423-3470857405
• Opcode ID: b4025b011fbc79104d544e9983b17815ae075d2a4bff4996443e36c01e3dd89f
• Instruction ID: f25031320124bda4b3ab205433a829000a15df69fbaa4fc8a84779cbd1cefb22
• Opcode Fuzzy Hash: b4025b011fbc79104d544e9983b17815ae075d2a4bff4996443e36c01e3dd89f
• Instruction Fuzzy Hash: 4D117331B40319EFEB109BA5DC85FAE7BB8EF14794F014026FA01EA281D7759D41CBA5
Uniqueness

Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,004CA03B,?,Microsoft Visual C++ Runtime Library,00012010,?,00550214,?,00550264,?,?,?,Runtime Error!Program: ), ref: 004D1504
                                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004D151C
                                                                      • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004D152D
                                                                      • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004D153A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                      • API String ID: 2238633743-4044615076
                                                                      • Opcode ID: ba08d69de26cb4ab61a919a5f114d727b892e0ff76331fd9d46e91969c96a614
                                                                      • Instruction ID: 3e822d2ced158acacc65293147a15696e0d5186d059b563a7a16441cb2f39924
                                                                      • Opcode Fuzzy Hash: ba08d69de26cb4ab61a919a5f114d727b892e0ff76331fd9d46e91969c96a614
                                                                      • Instruction Fuzzy Hash: 81017975700201BB8710AFB5ACA4A2B7EF8EBD97917000437ED03C2671D778C405EB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,004DA286,?,00020000), ref: 004D9F95
                                                                      • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 004D9F9E
                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004D9FB2
                                                                      • #17.COMCTL32 ref: 004D9FCD
                                                                      • #17.COMCTL32 ref: 004D9FE9
                                                                      • FreeLibrary.KERNEL32(00000000), ref: 004D9FF5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                      • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                      • API String ID: 1437655972-4218389149
                                                                      • Opcode ID: f1cfd056dd332fbda95648b5a14472fc19f814fbbe0bf4724bd6fd0389a8f7c0
                                                                      • Instruction ID: 61436bfa9939e72db6d853513be36b31494ce4a6fdf134a0709c4f7ef1044549
                                                                      • Opcode Fuzzy Hash: f1cfd056dd332fbda95648b5a14472fc19f814fbbe0bf4724bd6fd0389a8f7c0
                                                                      • Instruction Fuzzy Hash: F4F0C8326043534B8711DFA4ACCC95F76E8BBA47A1B06043BF800E7301DB24CD098B79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%
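The two entries above (user32.dll resolved at run time for MessageBoxA, GetActiveWindow and GetLastActivePopup, and COMCTL32.DLL probed for InitCommonControlsEx with an ordinal-17 fallback before FreeLibrary) are the concrete code behind the report's "Contains functionality to dynamically determine API calls" signature. The following Python is an added triage helper, not part of the Joe Sandbox report or of TA.exe: it parses API lines in the report's format, records which symbols each function block resolves through GetProcAddress, and labels blocks whose resolved set matches a known compiler-runtime helper so that library boilerplate can be separated from sample-specific resolution. The sample lines are copied from this report; the helper table (the MSVC CRT's __crtMessageBoxA import set, and the descriptive label for the COMCTL32 probe) and all function and field names are this example's own assumptions.

```python
"""Triage helper for the 'Executed Functions' API lists in a Joe Sandbox report.

Added example (not part of the report or of the analysed sample). It parses
API lines of the form
    • LoadLibraryA.KERNEL32(user32.dll,...), ref: 004D1504
    • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004D151C
groups them per function block (each block starts with an 'APIs' header),
records which symbols a block resolves at run time, and labels blocks whose
resolved-symbol set matches a known compiler-runtime helper. The helper table
is this example's own assumption about common MSVC CRT start-up code.
"""
import re
from dataclasses import dataclass, field

# One API call line. '#17.COMCTL32 ref: ...' (an ordinal import, no arguments)
# must also match, so the argument list is optional.
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>[A-Za-z_#0-9]+)\.(?P<module>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Assumed signatures of runtime helpers that resolve imports dynamically.
# A block is labelled when its resolved set contains every (library, symbol) pair.
KNOWN_RUNTIME_HELPERS = {
    # MSVC CRT __crtMessageBoxA lazy-loads user32.dll to show the 'Runtime Error!' box.
    "MSVC CRT __crtMessageBoxA": frozenset({
        ("user32.dll", "MessageBoxA"),
        ("user32.dll", "GetActiveWindow"),
        ("user32.dll", "GetLastActivePopup"),
    }),
    # Common-controls start-up: probe for InitCommonControlsEx, fall back to ordinal 17.
    "COMCTL32 InitCommonControlsEx probe": frozenset({
        ("comctl32.dll", "InitCommonControlsEx"),
    }),
}

LOADERS = {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"}


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)      # (api, module, args, ref)
    library: str = ""                              # last DLL named in a loader call
    resolved: set = field(default_factory=set)     # (library, symbol) via GetProcAddress
    ordinals: set = field(default_factory=set)     # (module, '#N') static ordinal imports


def parse_blocks(lines):
    """Split report lines into FunctionBlocks; 'Part of subcall' lines do not match and are skipped."""
    blocks, current = [], None
    for raw in lines:
        line = raw.strip()
        if line == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        m = API_LINE.match(line)
        if not m or current is None:
            continue
        api, module = m["api"], m["module"]
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        current.calls.append((api, module, args, m["ref"].upper()))
        if api in LOADERS and args and args[0] and args[0] != "?":
            lib = args[0].lower()
            current.library = lib if lib.endswith(".dll") else lib + ".dll"
        elif api == "GetProcAddress" and len(args) >= 2 and current.library:
            current.resolved.add((current.library, args[1]))
        elif api.startswith("#"):
            current.ordinals.add((module.lower(), api))
    return blocks


def classify(block):
    """Names of known runtime helpers whose signature is contained in the block's resolved set."""
    return [name for name, sig in KNOWN_RUNTIME_HELPERS.items() if sig <= block.resolved]


def triage(lines):
    """Per-block summary: first address, loaded library, resolved symbols, helper labels."""
    rows = []
    for b in parse_blocks(lines):
        rows.append({
            "ref": b.calls[0][3] if b.calls else None,
            "library": b.library,
            "resolved": sorted(sym for _, sym in b.resolved),
            "ordinals": sorted(o for _, o in b.ordinals),
            "dynamic_resolution": bool(b.resolved),
            "known_helper": classify(b),
        })
    return rows


# Sample input: API lines copied from three function entries of this report.
SAMPLE_REPORT = """
APIs
• LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,004CA03B,?,Microsoft Visual C++ Runtime Library,00012010,?,00550214,?,00550264,?,?,?,Runtime Error!Program: ), ref: 004D1504
• GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004D151C
• GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004D152D
• GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004D153A
APIs
• GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,004DA286,?,00020000), ref: 004D9F95
• LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 004D9F9E
• GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004D9FB2
• #17.COMCTL32 ref: 004D9FCD
• #17.COMCTL32 ref: 004D9FE9
• FreeLibrary.KERNEL32(00000000), ref: 004D9FF5
APIs
• GetDeviceCaps.GDI32(?,00000058), ref: 0048CC38
• GetDeviceCaps.GDI32(?,0000005A), ref: 0048CC41
  • Part of subcall function 0048CA00: __ftol.LIBCMT ref: 0048CA05
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT.splitlines()):
        print(row)
```

Run over the full "Executed Functions" section, the blocks that remain flagged as `dynamic_resolution` with an empty `known_helper` list are the ones worth opening in the disassembler; on this report both dynamic-resolution entries match the runtime-helper table, which is consistent with the CRT strings ("Microsoft Visual C++ Runtime Library", "Runtime Error!Program:") that appear in the same functions.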

                                                                      APIs
                                                                      • CompareStringW.KERNEL32(00000000,00000000,0055049C,00000001,0055049C,00000001,00000000,0247119C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004C53B3), ref: 004D1D70
                                                                      • CompareStringA.KERNEL32(00000000,00000000,00550498,00000001,00550498,00000001), ref: 004D1D8D
                                                                      • CompareStringA.KERNEL32(0049D7D6,00000000,00000000,00000000,004C53B3,00000000,00000000,0247119C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004C53B3), ref: 004D1DEB
                                                                      • GetCPInfo.KERNEL32(00000000,00000000,00000000,0247119C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004C53B3,00000000), ref: 004D1E3C
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 004D1EBB
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 004D1F1C
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 004D1F2F
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 004D1F7B
                                                                      • CompareStringW.KERNEL32(0049D7D6,00000000,00000000,00000000,?,00000000,?,00000000), ref: 004D1F93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharCompareMultiStringWide$Info
                                                                      • String ID:
                                                                      • API String ID: 1651298574-0
                                                                      • Opcode ID: 8b05be0e1aa6418021d4f9eeefe589793826369cc81991db5096f04bc2c560dc
                                                                      • Instruction ID: d027743c986cc65dd2e5c1bb1ca99afb713756b149d6f81ed6b1bf78529549ed
                                                                      • Opcode Fuzzy Hash: 8b05be0e1aa6418021d4f9eeefe589793826369cc81991db5096f04bc2c560dc
                                                                      • Instruction Fuzzy Hash: 74718A72904249BFDF21AF508CA59EF7BBAEB06344F10412BFD11A6370D3398851DBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LCMapStringW.KERNEL32(00000000,00000100,0055049C,00000001,00000000,00000000,74DEE860,005B0E24,?,?,?,004C69FD,?,?,?,00000000), ref: 004CD486
                                                                      • LCMapStringA.KERNEL32(00000000,00000100,00550498,00000001,00000000,00000000,?,?,004C69FD,?,?,?,00000000,00000001), ref: 004CD4A2
                                                                      • LCMapStringA.KERNEL32(?,?,?,004C69FD,?,?,74DEE860,005B0E24,?,?,?,004C69FD,?,?,?,00000000), ref: 004CD4EB
                                                                      • MultiByteToWideChar.KERNEL32(?,005B0E25,?,004C69FD,00000000,00000000,74DEE860,005B0E24,?,?,?,004C69FD,?,?,?,00000000), ref: 004CD523
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,004C69FD,?,00000000,?,?,004C69FD,?), ref: 004CD57B
                                                                      • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,004C69FD,?), ref: 004CD591
                                                                      • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,004C69FD,?), ref: 004CD5C4
                                                                      • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,004C69FD,?), ref: 004CD62C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: String$ByteCharMultiWide
                                                                      • String ID:
                                                                      • API String ID: 352835431-0
                                                                      • Opcode ID: d482dc463cc63c90d7326a045e609895a83e16087151ce2ab482a0fb59ba004d
                                                                      • Instruction ID: 7920ae35dee012841890ee717b47bbe39aa770e909ae49faec03fda78989d165
                                                                      • Opcode Fuzzy Hash: d482dc463cc63c90d7326a045e609895a83e16087151ce2ab482a0fb59ba004d
                                                                      • Instruction Fuzzy Hash: 5C519C35900249BFCF229F94CC85EAF7FB5FB88754F10412AF906A1260D33A8D61DB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 004C9F84
                                                                      • GetStdHandle.KERNEL32(000000F4,00550214,00000000,00000000,00000000,?), ref: 004CA05A
                                                                      • WriteFile.KERNEL32(00000000), ref: 004CA061
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: File$HandleModuleNameWrite
                                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                      • API String ID: 3784150691-4022980321
                                                                      • Opcode ID: 1b89d57975efdacd6b8d2fb541fbb2a0f1acb9cfe24a4becef69a005bfa04fa9
                                                                      • Instruction ID: 77fda2b2710b967065f7ae1ed3fbb310309ffa7d69d765cd9778be33bcd8468e
                                                                      • Opcode Fuzzy Hash: 1b89d57975efdacd6b8d2fb541fbb2a0f1acb9cfe24a4becef69a005bfa04fa9
                                                                      • Instruction Fuzzy Hash: 3D312776A002086FDF60EA61CC89F9E376CFB55349F10016FF944D6191E678EE458B1A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 0048CC38
                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 0048CC41
                                                                      • GetDeviceCaps.GDI32(?,0000006E), ref: 0048CC52
                                                                      • GetDeviceCaps.GDI32(?,0000006F), ref: 0048CC6F
                                                                      • GetDeviceCaps.GDI32(?,00000070), ref: 0048CC84
                                                                      • GetDeviceCaps.GDI32(?,00000071), ref: 0048CC99
                                                                      • GetDeviceCaps.GDI32(?,00000008), ref: 0048CCAE
                                                                      • GetDeviceCaps.GDI32(?,0000000A), ref: 0048CCC3
                                                                        • Part of subcall function 0048CA00: __ftol.LIBCMT ref: 0048CA05
                                                                        • Part of subcall function 0048CA30: __ftol.LIBCMT ref: 0048CA35
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CapsDevice$__ftol
• String ID:
• API String ID: 1555043975-0
• Opcode ID: 77249ed60365cbb8f50c20734e34b125e65fc2d289e9c0c88f2dbc0d57399074
• Instruction ID: bd83162587e3f4e95c8fd15054bb97a1d8a2c003472ebb3e2d7cc8856262b536
• Opcode Fuzzy Hash: 77249ed60365cbb8f50c20734e34b125e65fc2d289e9c0c88f2dbc0d57399074
• Instruction Fuzzy Hash: 28514470608744ABD300EF6AD885A6FBBE4FFC9704F01495DF68496290DB72D9248BA6
Uniqueness

Uniqueness Score: -1.00%

APIs
• GlobalLock.KERNEL32(?), ref: 004DA9D7
• lstrcmpA.KERNEL32(?,?), ref: 004DA9E3
• OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 004DA9F5
• DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004DAA18
• GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004DAA20
• GlobalLock.KERNEL32(00000000), ref: 004DAA2D
• DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 004DAA3A
• ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 004DAA58
  • Part of subcall function 004DD83C: GlobalFlags.KERNEL32(?), ref: 004DD846
  • Part of subcall function 004DD83C: GlobalUnlock.KERNEL32(?,?,?,?,0045A580,?,?,?,?,?,?,?,?,0046531D), ref: 004DD85D
  • Part of subcall function 004DD83C: GlobalFree.KERNEL32(?), ref: 004DD868
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
• String ID:
• API String ID: 168474834-0
• Opcode ID: e64a2dec857dce45b1c1425b6eb460161fb9163b544da365d87dccfc47245440
• Instruction ID: 858062e84b0f9b1d743d5a60623d18d2d82792b7921fc1889d451c951ade0770
• Opcode Fuzzy Hash: e64a2dec857dce45b1c1425b6eb460161fb9163b544da365d87dccfc47245440
• Instruction Fuzzy Hash: 2D11C171100104BADB21ABB6CDAAEAFBBADEB85740F00001BF609C5312D639DE10D729
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,?,?,00000000), ref: 004D2ABE
• GetLastError.KERNEL32 ref: 004D2ACA
• GetFileType.KERNEL32(00000000), ref: 004D2ADF
• CloseHandle.KERNEL32(00000000), ref: 004D2AEA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: File$CloseCreateErrorHandleLastType
• String ID: @$H
• API String ID: 1809617866-104103126
• Opcode ID: 99543a4d417a02166b88c959cca010bd662e1c037d62c054a44dd8a39c57bbaf
• Instruction ID: f6433d4ed763f4a3f0211d78166ec98f0ab1a8703802e90e97fdb971cdcfbf9c
• Opcode Fuzzy Hash: 99543a4d417a02166b88c959cca010bd662e1c037d62c054a44dd8a39c57bbaf
• Instruction Fuzzy Hash: 5F815871A042055BEF308EA8CA747AF7B60EF31324F24429BE8616A3D1C7FC8D45875A
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 004DFD41: __EH_prolog.LIBCMT ref: 004DFD46
  • Part of subcall function 004DA41C: GetWindowLongA.USER32(?,000000F0), ref: 004DA428
• SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 004DE661
• SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004DE670
• SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 004DE689
• SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 004DE6B1
• SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004DE6C0
• SendMessageA.USER32(?,00000198,?,?), ref: 004DE6D6
• PtInRect.USER32(?,000000FF,?), ref: 004DE6E2
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: MessageSend$H_prologLongRectWindow
• String ID:
• API String ID: 2846605207-0
• Opcode ID: 0cb89a3206d63253d4f2e6a88a0dbeaa1b7ea2c021d3cbecfc38f0523bca16b7
• Instruction ID: db97211d3d297dff9e9fe43ce5e4188a564db3b28e6253a3302191c2ab7dc20b
• Opcode Fuzzy Hash: 0cb89a3206d63253d4f2e6a88a0dbeaa1b7ea2c021d3cbecfc38f0523bca16b7
• Instruction Fuzzy Hash: DA312970A0020DFFDB10EF95CD95DAEB7B9EF54348F10816AE501AB2A1D674AE129B14
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 004E0A7C
• RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 004E0A9F
• RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 004E0ABE
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 004E0ACE
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 004E0AD8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: CloseCreate$Open
• String ID: software
• API String ID: 1740278721-2010147023
• Opcode ID: 38bc9668b365e7f7c9fdf723baa9ef7a4dd5e5289219ddd6560884f818d1f4f0
• Instruction ID: e8c6663e5ec7ff26bff8e30ae57831e3d48ff35eb4fea1f16b36628e8793f2bf
• Opcode Fuzzy Hash: 38bc9668b365e7f7c9fdf723baa9ef7a4dd5e5289219ddd6560884f818d1f4f0
• Instruction Fuzzy Hash: CC11F572900298FBCB21CBDACC84DEFFFBCEF95744F1400BAA515A2121D6B19A40DB64
Uniqueness

Uniqueness Score: -1.00%

APIs
• SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004C491F
• GetSystemMetrics.USER32(00000000), ref: 004C4937
• GetSystemMetrics.USER32(00000001), ref: 004C493E
• lstrcpyA.KERNEL32(?,DISPLAY), ref: 004C4962
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: System$Metrics$InfoParameterslstrcpy
• String ID: B$DISPLAY
• API String ID: 1409579217-3316187204
• Opcode ID: e4ae313c8bd49b62f1bce8d987e994f535a2ee4bf8d1d931e9b835fdd02c748b
• Instruction ID: 7505071bfaf138be4e2b03b57c0caabe03293384d4fae89ec502cfda03538507
• Opcode Fuzzy Hash: e4ae313c8bd49b62f1bce8d987e994f535a2ee4bf8d1d931e9b835fdd02c748b
• Instruction Fuzzy Hash: DE11A7B5600234ABCFD19F649D84BDB7FA8EF85750F01406BFC05AE146C275D900CBA8
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetStringTypeW.KERNEL32(00000001,0055049C,00000001,?,74DEE860,005B0E24,?,?,004C69FD,?,?,?,00000000,00000001), ref: 004D0C57
• GetStringTypeA.KERNEL32(00000000,00000001,00550498,00000001,?,?,004C69FD,?,?,?,00000000,00000001), ref: 004D0C71
• GetStringTypeA.KERNEL32(?,?,?,?,004C69FD,74DEE860,005B0E24,?,?,004C69FD,?,?,?,00000000,00000001), ref: 004D0CA5
• MultiByteToWideChar.KERNEL32(?,005B0E25,?,?,00000000,00000000,74DEE860,005B0E24,?,?,004C69FD,?,?,?,00000000,00000001), ref: 004D0CDD
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,004C69FD,?), ref: 004D0D33
• GetStringTypeW.KERNEL32(?,?,00000000,004C69FD,?,?,?,?,?,?,004C69FD,?), ref: 004D0D45
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: StringType$ByteCharMultiWide
• String ID:
• API String ID: 3852931651-0
• Opcode ID: ce2bd298792dc07d4afac627077b77712a4ed27c135bff86591539a5efc496db
• Instruction ID: 40f6497f6d1f5199dd0acdd703d2beb4cc0d13a29004ef0c2a68096b9f00b1ee
• Opcode Fuzzy Hash: ce2bd298792dc07d4afac627077b77712a4ed27c135bff86591539a5efc496db
• Instruction Fuzzy Hash: D641AD72A00259EFCF20AF94CC85EAF7F79EB19750F10452BFA0596260C339D910DBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: wsprintf
• String ID: - $ - [$%d / %d]$?? / %d]
• API String ID: 2111968516-3107364983
• Opcode ID: a435fe939fbe1624f085e6af6a478031b58b1a95ce9f1ab9f5734894a9c09759
• Instruction ID: af9f4737227d1b1b95ecc9322c738140d9d0284df625f5c0bde5a8b8d4965661
• Opcode Fuzzy Hash: a435fe939fbe1624f085e6af6a478031b58b1a95ce9f1ab9f5734894a9c09759
• Instruction Fuzzy Hash: 3231B334204300AFC314DB15DC91F6BB7E4BB84714F008A1EF49A83391EB79E909CB56
Uniqueness

Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • TlsGetValue.KERNEL32(005ACB54,005ACB44,00000000,?,005ACB54,?,004DFD1C,005ACB44,00000000,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004DFABF
                                                                      • EnterCriticalSection.KERNEL32(005ACB70,00000010,?,005ACB54,?,004DFD1C,005ACB44,00000000,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004DFB0E
                                                                      • LeaveCriticalSection.KERNEL32(005ACB70,00000000,?,005ACB54,?,004DFD1C,005ACB44,00000000,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004DFB21
                                                                      • LocalAlloc.KERNEL32(00000000,00000004,?,005ACB54,?,004DFD1C,005ACB44,00000000,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004DFB37
                                                                      • LocalReAlloc.KERNEL32(?,00000004,00000002,?,005ACB54,?,004DFD1C,005ACB44,00000000,?,00000000,004DF733,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004DFB49
                                                                      • TlsSetValue.KERNEL32(005ACB54,00000000), ref: 004DFB85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: AllocCriticalLocalSectionValue$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 4117633390-0
                                                                      • Opcode ID: d752225790128401acd3975e10346e718886536231d8884f3da3d82f0971e1a0
                                                                      • Instruction ID: f939fefcafd5662252ec980c4ce6f2a98b939f83effdb52f74b5267d3485cd9f
                                                                      • Opcode Fuzzy Hash: d752225790128401acd3975e10346e718886536231d8884f3da3d82f0971e1a0
                                                                      • Instruction Fuzzy Hash: 7E317831200605AFDB24DF59C8A9E66B7A8FF44365F00862BE41A8B351DB74E909CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetParent.USER32(?), ref: 004DDDF3
                                                                      • GetLastActivePopup.USER32(?), ref: 004DDE02
                                                                      • IsWindowEnabled.USER32(?), ref: 004DDE17
                                                                      • EnableWindow.USER32(?,00000000), ref: 004DDE2A
                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 004DDE3C
                                                                      • GetParent.USER32(?), ref: 004DDE4A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                      • String ID:
                                                                      • API String ID: 670545878-0
                                                                      • Opcode ID: 90d5077a24eb08e07137a33c44fdb19bbc7aed971a999634c798c6f9cadd05f8
                                                                      • Instruction ID: 8d08e94ab8d38beaa6f3d91e59732046f46c1b5ee1ad91116caafc22801981b7
                                                                      • Opcode Fuzzy Hash: 90d5077a24eb08e07137a33c44fdb19bbc7aed971a999634c798c6f9cadd05f8
                                                                      • Instruction Fuzzy Hash: EC11A332E01B2157CA315A695CA4B3B73995F74F91F150127ED04DB349DB28DC0186ED
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?), ref: 004E0BFA
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 004E0C21
                                                                      • CLSIDFromString.OLE32(?,?,?,00000001), ref: 004E0C2B
                                                                      • lstrlenA.KERNEL32(?), ref: 004E0C3C
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 004E0C63
                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000001), ref: 004E0C6D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharFromMultiWidelstrlen$ProgString
                                                                      • String ID:
                                                                      • API String ID: 2475774695-0
                                                                      • Opcode ID: 77888a3f9279d7aa218e6dbaf7b5f48e416acb56e14909712ab2c12228b41e2f
                                                                      • Instruction ID: 466677a52bb99b82e3e4d7351b1d7cabf2e94c8e107655bb13396bf8aab11740
                                                                      • Opcode Fuzzy Hash: 77888a3f9279d7aa218e6dbaf7b5f48e416acb56e14909712ab2c12228b41e2f
                                                                      • Instruction Fuzzy Hash: 82112533500185FBCB202BA2DC49FAB7F6CEF523A2F214235FE258A180D7749552C7A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ClientToScreen.USER32(?,?), ref: 004DD6EE
                                                                      • GetWindow.USER32(?,00000005), ref: 004DD6FF
                                                                      • GetDlgCtrlID.USER32(00000000), ref: 004DD708
                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 004DD717
                                                                      • GetWindowRect.USER32(00000000,?), ref: 004DD729
                                                                      • PtInRect.USER32(?,?,?), ref: 004DD739
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                      • String ID:
                                                                      • API String ID: 1315500227-0
                                                                      • Opcode ID: 81f534f4d6ed47a89f05d9a2ab618f4d50faeac53682e400ceafd019fb0ae0cd
                                                                      • Instruction ID: d29cf166d4e4e65e13ebd3736dc77df0ea4c61d2be9687adc196ec72689e38b3
                                                                      • Opcode Fuzzy Hash: 81f534f4d6ed47a89f05d9a2ab618f4d50faeac53682e400ceafd019fb0ae0cd
                                                                      • Instruction Fuzzy Hash: 4301A231500169BBDB126F64DC48EAF376CEF50350F054032F901D92A1E734DA168B9C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,00002002,00001000,?,?), ref: 00461764
                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00000002), ref: 0046176E
                                                                        • Part of subcall function 004DEEE4: __EH_prolog.LIBCMT ref: 004DEEE9
                                                                        • Part of subcall function 004D61AC: InterlockedDecrement.KERNEL32(-000000F4), ref: 004D61C0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocDecrementH_prologInterlockedUnlock
                                                                      • String ID: ~T$~T$~T
                                                                      • API String ID: 2641609054-387637837
                                                                      • Opcode ID: 0dbe0d4a2f1121699d6aea017994b019ba831011890e4b2815983debbd19b38f
                                                                      • Instruction ID: cc9bba29dfd6fcbccaa53741c961550491d5c38aea3c963bc9bf984ca5b88054
                                                                      • Opcode Fuzzy Hash: 0dbe0d4a2f1121699d6aea017994b019ba831011890e4b2815983debbd19b38f
                                                                      • Instruction Fuzzy Hash: F4519B74D01288DEEB10EBA5C955BEDBBB4BF65308F10418EE4056B382DB781B09CB66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetVersionExA.KERNEL32 ref: 004C9D58
                                                                      • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004C9D8D
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004C9DED
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: EnvironmentFileModuleNameVariableVersion
                                                                      • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                      • API String ID: 1385375860-4131005785
                                                                      • Opcode ID: e355557697fe934b439c0004d673505a6dba1189d563d5198c6a18d30d1cf459
                                                                      • Instruction ID: 5ab79ba25922eb33a2e7bb9d5ebf6280ce36b22b87566553d223e15f96084cbf
                                                                      • Opcode Fuzzy Hash: e355557697fe934b439c0004d673505a6dba1189d563d5198c6a18d30d1cf459
                                                                      • Instruction Fuzzy Hash: AE3148399052887DEFB1D7706C89FDE37689B26304F1400EFD146DA282E6388DC5CB19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 004D8393
                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 004D83A4
                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 004D83B4
                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 004D83D0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: LongWindow$MessageSend
                                                                      • String ID: (
                                                                      • API String ID: 2178440468-3887548279
                                                                      • Opcode ID: 44d207a180d286432e5ee23dadf4929f859d4815eb88260333c905ba8684301a
                                                                      • Instruction ID: 1a324aa7dcce21cc325d3101f7105b5a356d0145e923d0f831d331d99cd8983b
                                                                      • Opcode Fuzzy Hash: 44d207a180d286432e5ee23dadf4929f859d4815eb88260333c905ba8684301a
                                                                      • Instruction Fuzzy Hash: F531A5316007009FDB20AF65D854A6EB7F4BF04B14F15463FE9469B792DB79E804CB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004E05D0
                                                                        • Part of subcall function 004E06BC: lstrlenA.KERNEL32(00000104,00000000,?,004E0600), ref: 004E06F3
                                                                      • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 004E0671
                                                                      • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 004E069E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: FileModuleNamelstrcatlstrcpylstrlen
                                                                      • String ID: .HLP$.INI
                                                                      • API String ID: 2421895198-3011182340
                                                                      • Opcode ID: 9fc930762c9d709d4b3579af0b3bd251a2fe93db7134392ccbd4ddb0fd8efb9d
                                                                      • Instruction ID: 137e00bc2aacee407c2dbafa17b1ce9adbca61ca02742fbee3a76eaab35a5b87
                                                                      • Opcode Fuzzy Hash: 9fc930762c9d709d4b3579af0b3bd251a2fe93db7134392ccbd4ddb0fd8efb9d
                                                                      • Instruction Fuzzy Hash: 873181B5900359AFDB60EB75C884BC6B7F8AB04304F10496FE199D2151DBB8A9C48B24
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 004DDDC0: GetParent.USER32(?), ref: 004DDDF3
                                                                        • Part of subcall function 004DDDC0: GetLastActivePopup.USER32(?), ref: 004DDE02
                                                                        • Part of subcall function 004DDDC0: IsWindowEnabled.USER32(?), ref: 004DDE17
                                                                        • Part of subcall function 004DDDC0: EnableWindow.USER32(?,00000000), ref: 004DDE2A
                                                                      • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 004DDC7E
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 004DDCEC
                                                                      • MessageBoxA.USER32(00000000,?,?,00000000), ref: 004DDCFA
                                                                      • EnableWindow.USER32(00000000,00000001), ref: 004DDD16
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
                                                                      • String ID: dgM
                                                                      • API String ID: 1958756768-2454616739
                                                                      • Opcode ID: 1510b36d0604d2566a36e17d40cd3dee1fb2816502a54ba717f7a3670a76b398
                                                                      • Instruction ID: 37001135ac71a1205b66f0963ce672a7c09210ca286381095524cc98fce80d82
                                                                      • Opcode Fuzzy Hash: 1510b36d0604d2566a36e17d40cd3dee1fb2816502a54ba717f7a3670a76b398
                                                                      • Instruction Fuzzy Hash: D221A072E10118AFDB209FA8CCD1AAEB7B9EB44B40F15042BE601E7380C7B49D40CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalLock.KERNEL32(?), ref: 0046A620
                                                                      • GlobalSize.KERNEL32(?), ref: 0046A643
                                                                      • GlobalSize.KERNEL32(?), ref: 0046A673
                                                                      • GlobalUnlock.KERNEL32(?,00000000,00000000), ref: 0046A683
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Size$LockUnlock
                                                                      • String ID: BM
                                                                      • API String ID: 2233901773-2348483157
                                                                      • Opcode ID: e60831f68e2bd578a6609dfaa2d443785022a3b6a8074036997716fadb769d30
                                                                      • Instruction ID: 5672ab0df6a14f47905da2d5c7bf0650acf607e8cb15e27b2b6ee98d9cc5acbc
                                                                      • Opcode Fuzzy Hash: e60831f68e2bd578a6609dfaa2d443785022a3b6a8074036997716fadb769d30
                                                                      • Instruction Fuzzy Hash: A621D776900258ABC710DFA9D841BDEFBB8FF48724F00426AE819F3381D7395940CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: wsprintf$ClassInfo
                                                                      • String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
                                                                      • API String ID: 845911565-79760390
                                                                      • Opcode ID: dd6a16bf40b767690a32aa308d37cf0e93d265e9f5da24b694c9a6a9224d1d8b
                                                                      • Instruction ID: fdf41c8bf2842cb1cfcdd5902222d90f2e7f3f4e08fa7bacd66419c8ea3eecb6
                                                                      • Opcode Fuzzy Hash: dd6a16bf40b767690a32aa308d37cf0e93d265e9f5da24b694c9a6a9224d1d8b
                                                                      • Instruction Fuzzy Hash: 0E211A71A01249AB8F10EF99DC919EE7BB8FF59354B00402BF908E2301E7749A50DBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetStartupInfoA.KERNEL32(?), ref: 004C9AE0
                                                                      • GetFileType.KERNEL32(?,?,00000000), ref: 004C9B8B
                                                                      • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 004C9BEE
                                                                      • GetFileType.KERNEL32(00000000,?,00000000), ref: 004C9BFC
                                                                      • SetHandleCount.KERNEL32 ref: 004C9C33
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: FileHandleType$CountInfoStartup
                                                                      • String ID:
                                                                      • API String ID: 1710529072-0
                                                                      • Opcode ID: 07822372934da915d80faed9b68c785a257d318f11b217694ed199134f5e1449
                                                                      • Instruction ID: 97a16d365b6f6b649aa4a134094774db907fee664ed672d1739f2b8a567079c8
                                                                      • Opcode Fuzzy Hash: 07822372934da915d80faed9b68c785a257d318f11b217694ed199134f5e1449
                                                                      • Instruction Fuzzy Hash: 21511839600645AFC7A08B28D888F6B37E4BB11324F2547AED5A28B2E1E738EC05C715
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • midiStreamStop.WINMM(?,00000000,0057ECF4,00000000,0046EEDA,00000000,0057EF98,004653B6,0057EF98,?,0045FF2F,0057EF98,0045DEE6,00000001,00000000,000000FF), ref: 0046F3A5
                                                                      • midiOutReset.WINMM(?,?,0045FF2F,0057EF98,0045DEE6,00000001,00000000,000000FF), ref: 0046F3C3
                                                                      • WaitForSingleObject.KERNEL32(?,000007D0,?,0045FF2F,0057EF98,0045DEE6,00000001,00000000,000000FF), ref: 0046F3E6
                                                                      • midiStreamClose.WINMM(?,?,0045FF2F,0057EF98,0045DEE6,00000001,00000000,000000FF), ref: 0046F423
                                                                      • midiStreamClose.WINMM(?,?,0045FF2F,0057EF98,0045DEE6,00000001,00000000,000000FF), ref: 0046F457
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: midi$Stream$Close$ObjectResetSingleStopWait
                                                                      • String ID:
                                                                      • API String ID: 3142198506-0
                                                                      • Opcode ID: 31c47ce4c6292364fc2abaf5e1f34b6138c7e8a27841ccd3199077208d5e09d6
                                                                      • Instruction ID: d1f51211ae8195b80d20be4d6b13b489dd98381c74e36837e223653fabf6e88c
                                                                      • Opcode Fuzzy Hash: 31c47ce4c6292364fc2abaf5e1f34b6138c7e8a27841ccd3199077208d5e09d6
                                                                      • Instruction Fuzzy Hash: 953142B27006418BC7209F69E4C451FB7E5BBA4315B10493FE5C6C6B01DB79E889CB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004D8757
                                                                      • GetClassInfoA.USER32(?,?,?), ref: 004D8772
                                                                      • RegisterClassA.USER32(?), ref: 004D877D
                                                                      • lstrcatA.KERNEL32(00000034,?,00000001), ref: 004D87B4
                                                                      • lstrcatA.KERNEL32(00000034,?), ref: 004D87C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Classlstrcat$H_prologInfoRegister
                                                                      • String ID:
                                                                      • API String ID: 106226465-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(00000103,7FFFFFFF,004C7012,004C8E46,00000000,?,?,00000000,00000001), ref: 004C9CA7
                                                                      • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 004C9CB5
                                                                      • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 004C9D01
                                                                        • Part of subcall function 004C7406: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004C74FC
                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 004C9CD9
                                                                      • GetCurrentThreadId.KERNEL32 ref: 004C9CEA
                                                                      Similarity
                                                                      • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                      • String ID:
                                                                      • API String ID: 2020098873-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 0045DC50: GetCurrentThreadId.KERNEL32 ref: 0045DC75
                                                                        • Part of subcall function 0045DC50: IsWindow.USER32(00010462), ref: 0045DC91
                                                                        • Part of subcall function 0045DC50: SendMessageA.USER32(00010462,000083E7,?,00000000), ref: 0045DCAA
                                                                        • Part of subcall function 0045DC50: ExitProcess.KERNEL32 ref: 0045DCBF
                                                                      • DeleteCriticalSection.KERNEL32(0057FA18,?,?,?,?,?,?,?,?,0046531D), ref: 0045A28A
                                                                        • Part of subcall function 004D8240: __EH_prolog.LIBCMT ref: 004D8245
                                                                      Similarity
                                                                      • API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
                                                                      • String ID: !$#$l|T
                                                                      • API String ID: 2888814780-1877694104
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalLock.KERNEL32 ref: 004DBF85
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 004DBFD8
                                                                      • GlobalUnlock.KERNEL32(?), ref: 004DC06F
                                                                      Similarity
                                                                      • API ID: Global$ByteCharLockMultiUnlockWide
                                                                      • String ID: @
                                                                      • API String ID: 231414890-2766056989
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetMenuCheckMarkDimensions.USER32 ref: 004E0206
                                                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 004E02B5
                                                                      • LoadBitmapA.USER32(00000000,00007FE3), ref: 004E02CD
                                                                      Similarity
                                                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                                                                      • String ID:
                                                                      • API String ID: 2596413745-3916222277
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 004DD67B
                                                                      • GetClassNameA.USER32(00000000,?,0000000A), ref: 004DD696
                                                                      • lstrcmpiA.KERNEL32(?,combobox), ref: 004DD6A5
                                                                      Similarity
                                                                      • API ID: ClassLongNameWindowlstrcmpi
                                                                      • String ID: combobox
                                                                      • API String ID: 2054663530-2240613097
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%


                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(00000000,00002020,005704D0,005704D0,?,?,004CE768,00000000,00000010,00000000,00000009,00000009,?,004C6631,00000010,00000000), ref: 004CE2BD
                                                                      • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,004CE768,00000000,00000010,00000000,00000009,00000009,?,004C6631,00000010,00000000), ref: 004CE2E1
                                                                      • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,004CE768,00000000,00000010,00000000,00000009,00000009,?,004C6631,00000010,00000000), ref: 004CE2FB
                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004CE768,00000000,00000010,00000000,00000009,00000009,?,004C6631,00000010,00000000,?), ref: 004CE3BC
                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,004CE768,00000000,00000010,00000000,00000009,00000009,?,004C6631,00000010,00000000,?,00000000), ref: 004CE3D3
                                                                      Similarity
                                                                      • API ID: AllocVirtual$FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 714016831-0
                                                                      • Opcode ID: d1dc26e20db9b253aae9b46e62717c75e16cc266b8485fb63dad992a69c24304
                                                                      • Instruction ID: e01ac228310ac75be5969e05c31accd1c78fb89f61369091eeae4384ffb12e1f
                                                                      • Opcode Fuzzy Hash: d1dc26e20db9b253aae9b46e62717c75e16cc266b8485fb63dad992a69c24304
                                                                      • Instruction Fuzzy Hash: 07312074600711DBD7708F26EC44F26BBE5E790754F10423EEA59EB3E0E7B8A845AB48
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • midiStreamOpen.WINMM(0057ED10,0057ED38,00000001,00470300,0057ECF4,00030000,?,0057ECF4,?,00000000), ref: 0046FCFB
                                                                      • midiStreamProperty.WINMM ref: 0046FDE2
                                                                      • midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,0057ECF4,?,00000000), ref: 0046FF30
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: midi$Stream$HeaderOpenPrepareProperty
                                                                      • String ID:
                                                                      • API String ID: 2061886437-0
                                                                      • Opcode ID: 7ccbcd9ea48d859b50558ed712e733e786873e948a660bbbeeb698ebb94aaf24
                                                                      • Instruction ID: 094b0e21b06e1499b19c05ff03c7521bfeccb59dcda65211775180168bf11e20
                                                                      • Opcode Fuzzy Hash: 7ccbcd9ea48d859b50558ed712e733e786873e948a660bbbeeb698ebb94aaf24
                                                                      • Instruction Fuzzy Hash: 84A14C712006068FD724DF28D890BAAB7F6FB84304F50892EE69AC7751EB35F919CB45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 004CFDCA
                                                                      • GetLastError.KERNEL32 ref: 004CFDD4
                                                                      • ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 004CFE9A
                                                                      • GetLastError.KERNEL32 ref: 004CFEA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastRead
                                                                      • String ID:
                                                                      • API String ID: 1948546556-0
                                                                      • Opcode ID: d2928701f63e8eb4af249621f3e6c44871eeb0ea8ac326633e9ac1b494cece52
                                                                      • Instruction ID: 7f19668885b847bc55d441b2b695c68d4610619066eb97dde487d6af0c0afce2
                                                                      • Opcode Fuzzy Hash: d2928701f63e8eb4af249621f3e6c44871eeb0ea8ac326633e9ac1b494cece52
                                                                      • Instruction Fuzzy Hash: E151B6395043859FDF618F58C884FAA7BB2EF16304F1444AFE8658B362D37C994ACB19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: DeleteObject$Release
                                                                      • String ID:
                                                                      • API String ID: 2600533906-0
                                                                      • Opcode ID: 732b7db65f8485fc7ff02a93f7f21407cc6a402a96bea0fc206144283835af49
                                                                      • Instruction ID: eafe99696fd78edd28b29479457d33a178569475ca8504f55c786f9351beb883
                                                                      • Opcode Fuzzy Hash: 732b7db65f8485fc7ff02a93f7f21407cc6a402a96bea0fc206144283835af49
                                                                      • Instruction Fuzzy Hash: 5B514FB1A002449FDF14EF28C484B9A77EABB54700F08857BED49CF31ADB359945CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 004CFC27
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      • Opcode ID: 6a5c8521e18e32db72540ec4932a06ba78804e90ecf302404afb370e383f97fa
                                                                      • Instruction ID: 81ea21f208bb8a1208b5c717edee018b1cce46d42ef40fbe636aa88699be1b61
                                                                      • Opcode Fuzzy Hash: 6a5c8521e18e32db72540ec4932a06ba78804e90ecf302404afb370e383f97fa
                                                                      • Instruction Fuzzy Hash: 97518D3960024CEFCB51CF68C980F9E7BB6FF41340F2081AEE8159B251D7389A44DB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 004CC544: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC581
                                                                        • Part of subcall function 004CC544: EnterCriticalSection.KERNEL32(?,?,?,004C74BC,00000009,00000000,00000000,00000001,004C9CCA,00000001,00000074,?,?,00000000,00000001), ref: 004CC59C
                                                                      • InitializeCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,004D2A88,?,?,00000000), ref: 004D267D
                                                                      • EnterCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,004D2A88,?,?,00000000), ref: 004D2692
                                                                      • LeaveCriticalSection.KERNEL32(00000068,?,00000000,?,?,004D2A88,?,?,00000000), ref: 004D269F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterInitialize$Leave
                                                                      • String ID:
                                                                      • API String ID: 713024617-3916222277
                                                                      • Opcode ID: 45939dcc2dd1e7304cd311f9a0cc5128ec9fcd1d73957de29cd2846a0d80750a
                                                                      • Instruction ID: 3324f6c320a47f93aebca83733e2ae152c22ce44d9021db6da0efbb55d05b18e
                                                                      • Opcode Fuzzy Hash: 45939dcc2dd1e7304cd311f9a0cc5128ec9fcd1d73957de29cd2846a0d80750a
                                                                      • Instruction Fuzzy Hash: E03122721043159FD7249F24ED84B6B77D4EF60328F248A2FE6654B3D2D7B8E8488719
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrcpynA.KERNEL32(004DA799,?,00000104,?,?,?,?,?,?,?,004DA787,?), ref: 004DA7C7
                                                                      • GetFileTime.KERNEL32(00000000,004DA787,?,?,?,?,?,?,?,?,?,004DA787,?), ref: 004DA7E8
                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,004DA787,?), ref: 004DA7F7
                                                                      • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,004DA787,?), ref: 004DA818
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesSizeTimelstrcpyn
                                                                      • String ID:
                                                                      • API String ID: 1499663573-0
                                                                      • Opcode ID: e90aadb3ae8cce959c71cf1dc1ec57dc3c83d765fc914946ba94fef2d55d2bdc
                                                                      • Instruction ID: a2c0d552be97c806c8195001a12db1973af009de447db264d8d1eb4b93a718e4
                                                                      • Opcode Fuzzy Hash: e90aadb3ae8cce959c71cf1dc1ec57dc3c83d765fc914946ba94fef2d55d2bdc
                                                                      • Instruction Fuzzy Hash: 1D31BC72500205AFD710EF60C894AABB7E8BB14310F10892FF552C7280EB74A985CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetVersion.KERNEL32 ref: 004C4CC3
                                                                        • Part of subcall function 004C9E81: HeapCreate.KERNELBASE(00000000,00001000,00000000,004C4CFB,00000001), ref: 004C9E92
                                                                        • Part of subcall function 004C9E81: HeapDestroy.KERNEL32 ref: 004C9ED1
                                                                      • GetCommandLineA.KERNEL32 ref: 004C4D23
                                                                      • GetStartupInfoA.KERNEL32(?), ref: 004C4D4E
                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004C4D71
                                                                        • Part of subcall function 004C4DCA: ExitProcess.KERNEL32 ref: 004C4DE7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
Similarity
• API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
• String ID:
• API String ID: 2057626494-0
• Opcode ID: b76f071260d3222d41d0ee69e8f10d39c6060b5d9aff8fd42ebe650ada1a3ba7
• Instruction ID: d6786fd6a3431d73f34e3bd78c073767691365aa5144c72b4d857b8dce8d422e
• Opcode Fuzzy Hash: b76f071260d3222d41d0ee69e8f10d39c6060b5d9aff8fd42ebe650ada1a3ba7
• Instruction Fuzzy Hash: B121D0B4800304AFD748AFB59D4AFAE7BA8AF55704F10012FF801AB292DB384800CB58
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004D6895
• GetCurrentProcess.KERNEL32(?,00000000), ref: 004D689B
• DuplicateHandle.KERNEL32(00000000), ref: 004D689E
• GetLastError.KERNEL32(00000000), ref: 004D68B8
Similarity
• API ID: CurrentProcess$DuplicateErrorHandleLast
• String ID:
• API String ID: 3907606552-0
• Opcode ID: feee11672076ef4c17ffe21a85af6530458ae17d3dc3232d202ddabd83abd310
• Instruction ID: 9267ab68199c34cf0f84241e928dc75c855f5f1f89cd3817f70c645417d81ae7
• Opcode Fuzzy Hash: feee11672076ef4c17ffe21a85af6530458ae17d3dc3232d202ddabd83abd310
• Instruction Fuzzy Hash: 3D018435700204BFEB10ABA9DD59F5ABB9CEF84764F15412BFA05CB391EB64DC0097A4
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CloseHandle.KERNEL32(00000000,00000100,n+M,004CF59B,n+M,n+M,00000100,00000000,004D2B6E,00000000), ref: 004CF5FD
• GetLastError.KERNEL32 ref: 004CF607
Strings
Similarity
• API ID: CloseErrorHandleLast
• String ID: n+M$n+M
• API String ID: 918212764-2565447628
• Opcode ID: e8522f43e3358fa118d92533ebc59416fd978adba1ac6a4e3396dc9cf288f080
• Instruction ID: df616de57fe46480f83c07aaaf79b2eee65c66f0fb2a88c083b7c1e614e47fef
• Opcode Fuzzy Hash: e8522f43e3358fa118d92533ebc59416fd978adba1ac6a4e3396dc9cf288f080
• Instruction Fuzzy Hash: 6101F23B20592156CAA076397C49F6B124A8B91328F26063FF810CB2E2DE5CD847516D
Uniqueness
• Uniqueness Score: -1.00%

APIs
• WindowFromPoint.USER32(?,?), ref: 004D4F8E
• GetParent.USER32(00000000), ref: 004D4F9B
• ScreenToClient.USER32(00000000,?), ref: 004D4FBC
• IsWindowEnabled.USER32(00000000), ref: 004D4FD5
  • Part of subcall function 004DD66A: GetWindowLongA.USER32(00000000,000000F0), ref: 004DD67B
Similarity
• API ID: Window$ClientEnabledFromLongParentPointScreen
• String ID:
• API String ID: 2204725058-0
• Opcode ID: 3c539f2fe09b3cc7809de83bd0a90acc0058c6a328a849d91cd8761e2c490bc1
• Instruction ID: 8fd150f2a7e9a57f92b6a50ed8284723ad7a97a7e3167b663cd45a19088f5a3c
• Opcode Fuzzy Hash: 3c539f2fe09b3cc7809de83bd0a90acc0058c6a328a849d91cd8761e2c490bc1
• Instruction Fuzzy Hash: 4F01DF3AA00504BB87029B59DC58DAFBAB9AFC5740B05407FF905D7324EB38CE008BA8
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetDlgItem.USER32(?,?), ref: 004D9224
• GetTopWindow.USER32(00000000), ref: 004D9237
• GetTopWindow.USER32(?), ref: 004D9267
• GetWindow.USER32(00000000,00000002), ref: 004D9282
Similarity
• API ID: Window$Item
• String ID:
• API String ID: 369458955-0
• Opcode ID: 45361c1fafd5cd3ac0528d460e459b2faf8e608282997f369e090d53931b232e
• Instruction ID: 73c7718a26db872d53e29e0d64a1ff2e15df0c83f9316973f8a659dd90328e5d
• Opcode Fuzzy Hash: 45361c1fafd5cd3ac0528d460e459b2faf8e608282997f369e090d53931b232e
• Instruction Fuzzy Hash: A501D632101216B7CF627FA19C20EAF3A58AF91394F018963FC00E6311E739CD219AED
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetTopWindow.USER32(?), ref: 004D92A0
• SendMessageA.USER32(00000000,?,?,?), ref: 004D92D6
• GetTopWindow.USER32(00000000), ref: 004D92E3
• GetWindow.USER32(00000000,00000002), ref: 004D9301
Similarity
• API ID: Window$MessageSend
• String ID:
• API String ID: 1496643700-0
• Opcode ID: d17141f0ee3edb06be115652f171bc76a671a6b27e45e46f3ff45d26579b8857
• Instruction ID: 79aa91853e685b1ea5c8ea9dbdc6a3ae611b130895cc2d57f29ee5f6970b59ad
• Opcode Fuzzy Hash: d17141f0ee3edb06be115652f171bc76a671a6b27e45e46f3ff45d26579b8857
• Instruction Fuzzy Hash: 76010C3210121ABBCF126F959C15E9F3B2AAF55360F058457FA0095261D73ACD21EBE9
Uniqueness
• Uniqueness Score: -1.00%

APIs
• RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 004DE018
• RegCloseKey.ADVAPI32(00000000,?,?), ref: 004DE021
• wsprintfA.USER32 ref: 004DE03D
• WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 004DE056
Similarity
• API ID: ClosePrivateProfileStringValueWritewsprintf
• String ID:
• API String ID: 1902064621-0
• Opcode ID: c9f4436b480806a73196ba1166bc6e68638ff3dd0adffa7c8b8dfab43254fae1
• Instruction ID: 7026c0f84424c6525cef9eec577493bf3d4fb4d60b5cae3ffcaaadca93ef9ae9
• Opcode Fuzzy Hash: c9f4436b480806a73196ba1166bc6e68638ff3dd0adffa7c8b8dfab43254fae1
• Instruction Fuzzy Hash: F901A232400229FBCF126F68DC49FEF3BA8BF08754F054426FA119A192D7B5D510CB98
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetObjectA.GDI32(00000000,0000000C,?), ref: 004D99BF
• SetBkColor.GDI32(00000000,00000000), ref: 004D99CB
• GetSysColor.USER32(00000008), ref: 004D99DB
• SetTextColor.GDI32(00000000,?), ref: 004D99E5
  • Part of subcall function 004DD66A: GetWindowLongA.USER32(00000000,000000F0), ref: 004DD67B
                                                                      Similarity
                                                                      • API ID: Color$LongObjectTextWindow
                                                                      • String ID:
                                                                      • API String ID: 2871169696-0
                                                                      • Opcode ID: 6c385030a38c336cbf844b36c5466d592c66eac604ad1707f8a214b6719ef8ce
                                                                      • Instruction ID: e7e0b3c0416c32862fa5c1fe47c7d23bdcd68ec78ae3d5865744fe5890268d00
                                                                      • Opcode Fuzzy Hash: 6c385030a38c336cbf844b36c5466d592c66eac604ad1707f8a214b6719ef8ce
                                                                      • Instruction Fuzzy Hash: DD016D71500108ABDF219F68DCE9BAF7B68AB10390F10466BF911C43E1C778CD90CBA9
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • GetWindowExtEx.GDI32(?,?), ref: 004DCAB4
                                                                      • GetViewportExtEx.GDI32(?,?), ref: 004DCAC1
                                                                      • MulDiv.KERNEL32(?,00000000,00000000), ref: 004DCAE6
                                                                      • MulDiv.KERNEL32(?,00000000,00000000), ref: 004DCB01
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ViewportWindow
                                                                      • String ID:
                                                                      • API String ID: 1589084482-0
                                                                      • Opcode ID: 65ff3faa485939bd99985d64348ecf4579ed83a04ffd0bd610d3c97037bb05c0
                                                                      • Instruction ID: 14df15a16653f96fa7499f5c6f8ea27ce739c0c9d2fd066fa77b9da02681af37
                                                                      • Opcode Fuzzy Hash: 65ff3faa485939bd99985d64348ecf4579ed83a04ffd0bd610d3c97037bb05c0
                                                                      • Instruction Fuzzy Hash: 53F04676800119BFEB10BB61DC06CAFBBBDEF50210B10442EF842A2421DB71AD509B68
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • GetWindowExtEx.GDI32(?,?), ref: 004DCB1D
                                                                      • GetViewportExtEx.GDI32(?,?), ref: 004DCB2A
                                                                      • MulDiv.KERNEL32(?,00000000,00000000), ref: 004DCB4F
                                                                      • MulDiv.KERNEL32(?,00000000,00000000), ref: 004DCB6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ViewportWindow
                                                                      • String ID:
                                                                      • API String ID: 1589084482-0
                                                                      • Opcode ID: 4297694988a4680ff721f9ddc7f764c8bb5bd5f4bd5a4f1dfd351f5f50e89667
                                                                      • Instruction ID: 7b62d94b7b9ccff9626589c634c304087483272d29bae325e7f0945e8851b3be
                                                                      • Opcode Fuzzy Hash: 4297694988a4680ff721f9ddc7f764c8bb5bd5f4bd5a4f1dfd351f5f50e89667
                                                                      • Instruction Fuzzy Hash: 1FF04676800119BFEB10BB61DC06CAFBBBDEF50210B10442EF842A2421DB71AD509B68
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?), ref: 004DD761
                                                                      • GetWindowTextA.USER32(?,?,00000100), ref: 004DD77D
                                                                      • lstrcmpA.KERNEL32(?,?), ref: 004DD791
                                                                      • SetWindowTextA.USER32(?,?), ref: 004DD7A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: TextWindow$lstrcmplstrlen
                                                                      • String ID:
                                                                      • API String ID: 330964273-0
                                                                      • Opcode ID: a747b4e9d17ff9211986b13b0bcc6268403ec467ca59cfdeba359e748f88092e
                                                                      • Instruction ID: 8bed719cbfd7c512ed58d9f5b9eaf9ae03273fa8becb766652550cd9e629e8e9
                                                                      • Opcode Fuzzy Hash: a747b4e9d17ff9211986b13b0bcc6268403ec467ca59cfdeba359e748f88092e
                                                                      • Instruction Fuzzy Hash: BBF08232400018ABCF226F24DC88EDE7F79FB18390F054072F849D5220D775D9948B98
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • __startOneArgErrorHandling.LIBCMT ref: 004C4EF2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorHandling__start
                                                                      • String ID: pow
                                                                      • API String ID: 3213639722-2276729525
                                                                      • Opcode ID: c1241c337561cced7a0bdd811737b9e7510cf842a816dd3c0d7a72968db7fc1d
                                                                      • Instruction ID: 1b358afcc256d5d456c60db0ac63ac013c81fb21ccc6c68699d50aabe6598068
                                                                      • Opcode Fuzzy Hash: c1241c337561cced7a0bdd811737b9e7510cf842a816dd3c0d7a72968db7fc1d
                                                                      • Instruction Fuzzy Hash: 6951516C90820A97C7917718CB22F7B2B949B90718F214D5FE4C5813A5DB3D8CE9D64F
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • GetCPInfo.KERNEL32(?,00000000), ref: 004C92ED
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID: $
                                                                      • API String ID: 1807457897-3032137957
                                                                      • Opcode ID: 67a96a351c65b2d564857a3e3ef1fe63e43fc180e2aab5aa0faf392daa9f5140
                                                                      • Instruction ID: b2d91506053161297bfd74a61f69696810e08b648607ff8d843694fd2756aac3
                                                                      • Opcode Fuzzy Hash: 67a96a351c65b2d564857a3e3ef1fe63e43fc180e2aab5aa0faf392daa9f5140
                                                                      • Instruction Fuzzy Hash: 64418A315082987EDB9A9714CC9DFFB7F989B06704F1400EED689C7193C2385D89E76A
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 004DFC17
                                                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004DFC27
                                                                      • LocalFree.KERNEL32(?), ref: 004DFC30
                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 004DFC46
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                      • String ID:
                                                                      • API String ID: 2949335588-0
                                                                      • Opcode ID: ea5d9ceb2501de41161f23e6f6fbb66e786c0cc4cecba04f5098f46e21d679eb
                                                                      • Instruction ID: 272109bf9c499acb67eca9786f7573cafed835c5f16dcde8daeb23cde8c7c205
                                                                      • Opcode Fuzzy Hash: ea5d9ceb2501de41161f23e6f6fbb66e786c0cc4cecba04f5098f46e21d679eb
                                                                      • Instruction Fuzzy Hash: 7D216A31200204EFDB259F48D895B6A77A4FF41B55F10807FE9438B2A2C7B5F855CB55
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • HeapReAlloc.KERNEL32(00000000,?,00000000,00000000,004CDBC2,00000000,00000000,00000000,004C65D3,00000000,00000000,?,00000000,00000000,00000000), ref: 004CDE22
                                                                      • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,004CDBC2,00000000,00000000,00000000,004C65D3,00000000,00000000,?,00000000,00000000,00000000), ref: 004CDE56
                                                                      • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004CDE70
                                                                      • HeapFree.KERNEL32(00000000,?), ref: 004CDE87
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: AllocHeap$FreeVirtual
                                                                      • String ID:
                                                                      • API String ID: 3499195154-0
                                                                      • Opcode ID: 5e74caa20cc9fea879ca9f5326fa883a9f0030eb15a7439c994c7bda5dd4bc05
                                                                      • Instruction ID: 88b20d03b6796223304604581f74c084d8835aa1a1c3d1298ccf8dfc8ca616f5
                                                                      • Opcode Fuzzy Hash: 5e74caa20cc9fea879ca9f5326fa883a9f0030eb15a7439c994c7bda5dd4bc05
                                                                      • Instruction Fuzzy Hash: 621116716006019FC7A19F19EC85E277BBAFBA5760B105A2EE155CA1E0C3B1E84AEF14
                                                                      Uniqueness Score: -1.00%
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(005ACCE0,?,00000000,?,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F), ref: 004E09F8
                                                                      • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F), ref: 004E0A0A
                                                                      • LeaveCriticalSection.KERNEL32(005ACCE0,?,00000000,?,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F), ref: 004E0A13
                                                                      • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F,004DAF1F), ref: 004E0A25
                                                                        • Part of subcall function 004E092A: GetVersion.KERNEL32(?,004E09CD,?,004DFD62,00000010,?,00000000,?,?,?,004DF749,004DF7AC,004DF02D,004DF74F,004DAF1F,004DC1BB), ref: 004E093D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$Enter$InitializeLeaveVersion
                                                                      • String ID:
                                                                      • API String ID: 1193629340-0
                                                                      • Opcode ID: 891be775cb2b1323308fb96818112e69aaeb635f6d2e2434e06ec1e9423f1b47
                                                                      • Instruction ID: 0a65387142a8ddcd4f80273ac1ede6f79e408fa5583ca153dfb4401965e46329
                                                                      • Opcode Fuzzy Hash: 891be775cb2b1323308fb96818112e69aaeb635f6d2e2434e06ec1e9423f1b47
                                                                      • Instruction Fuzzy Hash: A9F0817140124ADFCB10AF55EC80952B7ADFB32326F000436E66996012D7B4E959DA98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC528
                                                                      • InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC530
                                                                      • InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC538
                                                                      • InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC540
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2875572195.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2875559668.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875634313.00000000004E6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875670829.000000000055B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875683250.000000000055D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875695718.000000000055F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875708924.000000000056E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.0000000000572000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.000000000057F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.00000000005AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875720965.00000000005B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875771829.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2875771829.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_TA.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalInitializeSection
                                                                      • String ID:
                                                                      • API String ID: 32694325-0
                                                                      • Opcode ID: e30a86de1c0bc67f6efb8c1215b03465c0db557a2c675bad1d8e2b757a7da6a0
                                                                      • Instruction ID: f4f2edd9b93162f114825bd55f393901b400adfc59d0769fd2f9ba41cc2c8c4b
                                                                      • Opcode Fuzzy Hash: e30a86de1c0bc67f6efb8c1215b03465c0db557a2c675bad1d8e2b757a7da6a0
                                                                      • Instruction Fuzzy Hash: ACC00237C1003ADBCA112B65FE0D84E3FA5EB242A13011073A10C510B286B11C94FFD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%
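The "APIs" and "Similarity" entries of the two function blocks above are the parts of this report a reverser actually pivots on: the `ref:` addresses are the call sites to break on or jump to in IDA, and the "API ID" is the key Joe Sandbox uses to match this function against functions in other samples. The following Python is an added example, not Joe Sandbox's own code or plugin output: it parses API lines in the shape shown above (sample text constructed from the blocks on this page) and rebuilds the "API ID" string. The rebuild rule (split each API name into CamelCase tokens, group tokens by frequency with the most frequent first, sort alphabetically inside a group, join groups with `$`, drop generic verbs such as `Get`) is inferred only from the two blocks on this page and is an assumption, not documented Joe Sandbox behaviour.

```python
import re
from collections import Counter

# Constructed sample input: the "APIs" lines of the two function blocks above,
# copied in shape (bullet, Name.MODULE(stack values), ref: call-site address).
BLOCK_A = """\
• EnterCriticalSection.KERNEL32(005ACCE0,?,00000000,?,?,004DFD62,00000010), ref: 004E09F8
• InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,004DFD62,00000010), ref: 004E0A0A
• LeaveCriticalSection.KERNEL32(005ACCE0,?,00000000,?,?,004DFD62,00000010), ref: 004E0A13
• EnterCriticalSection.KERNEL32(00000000,00000000,?,?,004DFD62,00000010), ref: 004E0A25
  • Part of subcall function 004E092A: GetVersion.KERNEL32(?,004E09CD,?,004DFD62), ref: 004E093D
"""

BLOCK_B = """\
• InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC528
• InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC530
• InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC538
• InitializeCriticalSection.KERNEL32(?,004C9C44,?,004C4D0D), ref: 004CC540
"""

API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<stack>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)


def parse_api_lines(text):
    """Return one dict per API line: name, module, call-site ref, stack values, subcall owner."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        calls.append({
            "name": m["name"],
            "module": m["module"],
            "ref": m["ref"],
            # The parenthesised values are the sandbox's view of the stack at the call,
            # not verified arguments; many of them are return addresses of the callers
            # above this function, which is why they look like code pointers.
            "stack": [v for v in m["stack"].split(",") if v],
            "subcall": m["sub"],  # None when this function makes the call directly
        })
    return calls


# Assumption (inferred from this page only): tokens of generic verbs are dropped
# before the API ID is built.
STOPWORDS = {"Get"}


def split_tokens(name):
    # "EnterCriticalSection" -> ["Enter", "Critical", "Section"]
    return re.findall(r"[A-Z]+(?=[A-Z][a-z])|[A-Z][a-z0-9]*", name)


def api_id(calls):
    """Rebuild the 'API ID' similarity key: token groups by frequency, '$'-separated."""
    counts = Counter(
        tok for c in calls for tok in split_tokens(c["name"]) if tok not in STOPWORDS
    )
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def call_sites(calls):
    """Call-site addresses in report order: the places to break on or jump to in IDA."""
    return [c["ref"] for c in calls]


if __name__ == "__main__":
    for block in (BLOCK_A, BLOCK_B):
        calls = parse_api_lines(block)
        print(api_id(calls), call_sites(calls))
```

Because the API ID is built from API names alone, two functions with different control flow but the same set of imports collapse to the same key; treat it as a coarse bucket and use the Opcode and Instruction fuzzy hashes in the same block to confirm an actual code match.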