Windows Analysis Report
#U67e5#U8be2#U5165#U53e3.exe

Overview

General Information

Sample name: #U67e5#U8be2#U5165#U53e3.exe
renamed because original name is a hash value
Original sample name: .exe
Analysis ID: 1375851
MD5: a7585e8304d084bbc7673bbdedba8412
SHA1: 71f8f26278c389f56e20f95e7b9f8d0c61fed7d4
SHA256: 9eb273676c67097993cbf11960bfaedd71374c4c712e58a3fa6098b36a9f0ffd

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Early bird code injection technique detected
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Drops PE files to the document folder of the user
Found API chain indicative of debugger detection
Queues an APC in another process (thread injection)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sleep loop found (likely to delay execution)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • #U67e5#U8be2#U5165#U53e3.exe (PID: 1072 cmdline: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe MD5: A7585E8304D084BBC7673BBDEDBA8412)
    • msiexec.exe (PID: 5080 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • explorer.exe (PID: 6184 cmdline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • explorer.exe (PID: 6020 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • msedge.exe (PID: 6200 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: A7585E8304D084BBC7673BBDEDBA8412)
    • msedge.exe (PID: 2520 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: A7585E8304D084BBC7673BBDEDBA8412)
      • msiexec.exe (PID: 7000 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://whois.pconline.com.cn/ipJson.jspE | Avira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jspn | Avira URL Cloud: Label: malware
Source: #U67e5#U8be2#U5165#U53e3.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: msiexec.pdb source: #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000003.1648526905.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000001.00000000.1649447803.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 00000009.00000002.1872533809.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: Binary string: \Plugins\Release\online.pdb source: msiexec.exe, msiexec.exe, 00000009.00000002.1872379344.0000000000610000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1872819377.0000000010012000.00000002.00001000.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000003.1648526905.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000000.1649447803.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 00000009.00000002.1872533809.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 206.238.115.95:11595
Source: unknown | TCP traffic detected without corresponding DNS query: 206.238.115.95
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004013A0 GetProcAddress,RegOpenKeyA,GetProcAddress,RegOpenKeyA,RegQueryValueExA,RegCloseKey,recv,Sleep,Sleep,Sleep,0_2_004013A0
Source: global traffic | HTTP traffic detected: GET /ipJson.jsp HTTP/1.1 User-Agent: HTTPGET Host: whois.pconline.com.cn Cache-Control: no-cache
Source: unknown | DNS traffic detected: queries for: whois.pconline.com.cn
Source: msiexec.exe, 00000001.00000002.4081710841.0000000003188000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000003.2991816319.0000000003188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://whois.pconline.com.cn/
Source: msiexec.exe, 00000009.00000002.1872819377.0000000010012000.00000002.00001000.00020000.00000000.sdmp | String found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp
Source: msiexec.exe, 00000001.00000002.4081710841.0000000003188000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000003.2991816319.0000000003188000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://whois.pconline.com.cn/ipJson.jspE
Source: msiexec.exe, 00000001.00000003.2991582014.00000000031A8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000002.4082138614.00000000031A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://whois.pconline.com.cn/ipJson.jspn
Source: #U67e5#U8be2#U5165#U53e3.exe, msedge.exe.0.dr | String found in binary or memory: http://www.360.cn
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,0_2_0040E890
Source: C:\Users\user\Documents\msedge.exe | Code function: 5_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,5_2_0040E890
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,8_2_0040E890
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Process Stats: CPU usage > 49%
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D63E3 GetVersionExW,GetCurrentProcess,NtQueryInformationProcess,GetCommandLineW,GetStdHandle,GetFileType,memset,memset,RegQueryValueExW,RegCloseKey,RegQueryValueExW,RegCloseKey,CompareStringW,CompareStringW,CompareStringW,memset,GlobalFree,lstrlenW,GlobalFree,CoInitialize,CoRegisterClassObject,GetCurrentThread,OpenThreadToken,GetLastError,OpenEventW,WaitForSingleObject,CloseHandle,RevertToSelf,RegCloseKey,RegEnumKeyW,RevertToSelf,GetCurrentProcess,OpenProcessToken,GetTokenInformation,EqualSid,CloseHandle,GetLastError,memset,CloseHandle,MakeAbsoluteSD,GetLastError,CloseHandle,CloseHandle,CreateEventW,CloseHandle,CreateEventW,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,TranslateMessage,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CoRevokeClassObject,CoUninitialize,GetLastError,GetMessageW,TranslateMessage,DispatchMessageW,1_2_007D63E3
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_100057B0 InterlockedExchange,ExitWindowsEx,0_2_100057B0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_100057B0 InterlockedExchange,ExitWindowsEx,1_2_100057B0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030C75EC ExitWindowsEx,1_2_030C75EC
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_100057B0 InterlockedExchange,ExitWindowsEx,8_2_100057B0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_100057B0 InterlockedExchange,ExitWindowsEx,9_2_100057B0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_006175EC ExitWindowsEx,9_2_006175EC
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_100024D0 0_2_100024D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D63E3 1_2_007D63E3
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_100024D0 1_2_100024D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030C40D4 1_2_030C40D4
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_100024D0 8_2_100024D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_100024D0 9_2_100024D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_006140D4 9_2_006140D4
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: String function: 00414F64 appears 31 times
Source: C:\Users\user\Documents\msedge.exe | Code function: String function: 00414F64 appears 62 times
Source: #U67e5#U8be2#U5165#U53e3.exe | Static PE information: invalid certificate
Source: #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000000.1612812686.000000000041F000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameGfxList.EXEJ vs #U67e5#U8be2#U5165#U53e3.exe
Source: #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000003.1648526905.00000000007CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsiexec.exeX vs #U67e5#U8be2#U5165#U53e3.exe
Source: #U67e5#U8be2#U5165#U53e3.exe | Binary or memory string: OriginalFilenameGfxList.EXEJ vs #U67e5#U8be2#U5165#U53e3.exe
Source: C:\Program Files (x86)\msiexec.exe | Section loaded: sfc.dll
Source: classification engine | Classification label: mal80.evad.winEXE@10/4@1/2
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DE90
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D2F93 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,1_2_007D2F93
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,1_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,1_2_1000DD00
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,8_2_1000DE90
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,8_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DD00
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_10005720 OutputDebugStringA,CreateToolhelp32Snapshot,Process32First,_mbsicmp,Process32Next,FindCloseChangeNotification,0_2_10005720
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004129D0 AppendMenuA,#1146,FindResourceA,LoadResource,LockResource,#2096,ImageList_SetBkColor,#1146,LoadBitmapA,#1641,ImageList_AddMasked,#2414,#2414,0_2_004129D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D7DD0 StartServiceCtrlDispatcherW,GetLastError,1_2_007D7DD0
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File created: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File created: C:\Users\user\Documents\msedge.exe
Source: C:\Program Files (x86)\msiexec.exe | Mutant created: \Sessions\1\BaseNamedObjects\1:11595
Source: unknown | Process created: C:\Windows\explorer.exe
Source: #U67e5#U8be2#U5165#U53e3.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File read: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
Source: unknown | Process created: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: unknown | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
Source: unknown | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\Documents\msedge.exe "C:\Users\user\Documents\msedge.exe"
Source: C:\Users\user\Documents\msedge.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004011D0 RegOpenKeyA,RegCloseKey,GetProcessHeap,RtlAllocateHeap,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,VirtualProtect,CreateThread,0_2_004011D0
Source: msiexec.exe.0.dr | Static PE information: section name: .didat
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004157F0 push eax; ret 0_2_0041581E
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_10010039 push ecx; ret 0_2_1001004C
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_10010275 push ecx; ret 0_2_10010288
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_1000EBE0 push 3B000002h; ret 0_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D9F2D push ecx; ret 1_2_007D9F40
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_10010039 push ecx; ret 1_2_1001004C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_10010275 push ecx; ret 1_2_10010288
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_1000EBE0 push 3B000002h; ret 1_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030D07E4 push 3B000002h; ret 1_2_030D07E9
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030D1E79 push ecx; ret 1_2_030D1E8C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030D1C3D push ecx; ret 1_2_030D1C50
Source: C:\Users\user\Documents\msedge.exe | Code function: 5_2_004157F0 push eax; ret 5_2_0041581E
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_004157F0 push eax; ret 8_2_0041581E
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_10010039 push ecx; ret 8_2_1001004C
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_10010275 push ecx; ret 8_2_10010288
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_1000EBE0 push 3B000002h; ret 8_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_10010039 push ecx; ret 9_2_1001004C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_10010275 push ecx; ret 9_2_10010288
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_1000EBE0 push 3B000002h; ret 9_2_1000EBE5
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_00621C3D push ecx; ret 9_2_00621C50
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_00621E79 push ecx; ret 9_2_00621E8C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_006207E4 push 3B000002h; ret 9_2_006207E9

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File created: C:\Users\user\Documents\msedge.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | File created: C:\Program Files (x86)\msiexec.exe
Source: C:\Program Files (x86)\msiexec.exeCode function: 1_2_007D7DD0 StartServiceCtrlDispatcherW,GetLastError,1_2_007D7DD0
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegisteredJump to behavior
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegisteredJump to behavior
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 3589Jump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 3005Jump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 3139Jump to behavior
Source: C:\Program Files (x86)\msiexec.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_1-15511
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeAPI coverage: 5.0 %
Source: C:\Program Files (x86)\msiexec.exeAPI coverage: 9.7 %
Source: C:\Users\user\Documents\msedge.exeAPI coverage: 4.6 %
Source: C:\Program Files (x86)\msiexec.exeAPI coverage: 4.4 %
Source: C:\Program Files (x86)\msiexec.exe TID: 5052Thread sleep count: 3589 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 5052Thread sleep time: -10767000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 3300Thread sleep count: 3005 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 3300Thread sleep time: -30050s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 5052Thread sleep count: 3139 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 5052Thread sleep time: -9417000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exeThread sleep count: Count: 3005 delay: -10Jump to behavior
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeCode function: 0_2_10006970 GetModuleHandleW,GetProcAddress,OutputDebugStringA,memset,memset,gethostname,gethostbyname,inet_ntoa,strcat_s,strcat_s,strcat_s,inet_ntoa,strcat_s,strcat_s,inet_addr,wsprintfA,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,GlobalMemoryStatusEx,OutputDebugStringA,capGetDriverDescriptionA,wsprintfA,OutputDebugStringA,OutputDebugStringA,??3@YAXPAX@Z,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_10006970
Source: msiexec.exe, 00000001.00000002.4081627912.000000000315A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000002.4082209864.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000003.2991582014.00000000031C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000003.00000003.2401128905.0000000000AF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000003.1651625483.000000000075C000.00000004.00000020.00020000.00000000.sdmp, #U67e5#U8be2#U5165#U53e3.exe, 00000000.00000002.4082390022.000000000075C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-%
Source: msedge.exe, 00000008.00000002.1882840465.0000000000535000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1872442510.00000000006AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_1-15739
Source: C:\Program Files (x86)\msiexec.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Program Files (x86)\msiexec.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D59F2 GetLastError,RegQueryValueExW,RegCloseKey,GlobalFree,RegCreateKeyExW,RegSetValueExW,lstrlenW,RegSetValueExW,RegCloseKey,memset,OutputDebugStringW,SetLastError,1_2_007D59F2
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004011D0 RegOpenKeyA,RegCloseKey,GetProcessHeap,RtlAllocateHeap,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,VirtualProtect,CreateThread,0_2_004011D0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D63E3 mov eax, dword ptr fs:[00000030h]1_2_007D63E3
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_004011D0 RegOpenKeyA,RegCloseKey,GetProcessHeap,RtlAllocateHeap,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,VirtualProtect,CreateThread,0_2_004011D0
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D9C10 SetUnhandledExceptionFilter,1_2_007D9C10
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D95F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_007D95F0
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,1_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_030D1740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_030D1740
Source: C:\Users\user\Documents\msedge.exe | Code function: 8_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,8_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,9_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe | Code function: 9_2_00621740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00621740

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Documents\msedge.exe | Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Memory allocated: C:\Program Files (x86)\msiexec.exe base: 30C0000 protect: page execute and read and write
Source: C:\Users\user\Documents\msedge.exe | Memory allocated: C:\Program Files (x86)\msiexec.exe base: 610000 protect: page execute and read and write
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_100052B0 OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,memset,OutputDebugStringA,CreateProcessA,CreateProcessA,memset,??2@YAPAXI@Z,GetNativeSystemInfo,GetSystemWow64DirectoryA,GetSystemDirectoryA,OutputDebugStringA,SHGetFolderPathA,sprintf_s,CopyFileA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,OutputDebugStringA,Wow64SuspendThread,OutputDebugStringA,VirtualAllocEx,OutputDebugStringA,WriteProcessMemory,OutputDebugStringA,QueueUserAPC,ResumeThread,0_2_100052B0
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Thread APC queued: target process: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Memory written: C:\Program Files (x86)\msiexec.exe base: 30C0000
Source: C:\Users\user\Documents\msedge.exe | Memory written: C:\Program Files (x86)\msiexec.exe base: 610000
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Users\user\Documents\msedge.exe | Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D31A9 FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,GetLengthSid,memset,GlobalAlloc,InitializeAcl,AddAccessAllowedAce,GetAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetSecurityDescriptorLength,MakeSelfRelativeSD,GetLastError,GlobalFree,GetLastError,FreeSid,1_2_007D31A9
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D30F2 AllocateAndInitializeSid,GetLastError,GetLengthSid,FreeSid,GetLengthSid,memcpy,FreeSid,1_2_007D30F2
Source: C:\Program Files (x86)\msiexec.exe | Code function: memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,1_2_007D5C84
Source: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe | Code function: 0_2_10010474 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_10010474
Source: C:\Program Files (x86)\msiexec.exe | Code function: 1_2_007D5C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,1_2_007D5C84
Source: msiexec.exe, msiexec.exe, 00000009.00000002.1872379344.0000000000610000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1872819377.0000000010012000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: kxetray.exe
Source: msiexec.exe, msiexec.exe, 00000009.00000002.1872379344.0000000000610000.00000040.00000400.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1872819377.0000000010012000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: 360Tray.exe
Source: C:\Windows\explorer.exe | Directory queried: C:\Users\user\Documents
Source: C:\Windows\explorer.exe | Directory queried: C:\Users\user\Documents
MITRE ATT&CK Matrix (one line per tactic; the counts the report displays next to a technique are given in parentheses)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Native API (1); Service Execution (2); At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: DLL Side-Loading (1); Windows Service (3); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (3); Process Injection (511); Registry Run Keys / Startup Folder (1); RC Scripts; Startup Items
Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Masquerading (12); Virtualization/Sandbox Evasion (12); Access Token Manipulation (1); Process Injection (511)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: System Time Discovery (1); File and Directory Discovery (11); System Information Discovery (14); Security Software Discovery (141); Virtualization/Sandbox Evasion (12); Process Discovery (2); Application Window Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Local System (1); Clipboard Data (2); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (1); Non-Standard Port (1); Non-Application Layer Protocol (2); Application Layer Protocol (2); Multiband Communication; Commonly Used Port
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Behavior Graph (ID: 1375851; sample: #U67e5#U8be2#U5165#U53e3.exe; start date: 17/01/2024; architecture: WINDOWS; score: 80), as text:

  • Global signatures: Antivirus detection for URL or domain; Found API chain indicative of debugger detection
  • DNS: whois.pconline.com.cn.ctadns.cn; whois.pconline.com.cn
  • #U67e5#U8be2#U5165#U53e3.exe (started from Start): network 206.238.115.95, ports 11595, 49731, 49732 (COGENT-174US, United States); dropped C:\Users\user\Documents\msedge.exe (PE32) and C:\Program Files (x86)\msiexec.exe (PE32); signatures: Early bird code injection technique detected, Drops PE files to the document folder of the user, Contains functionality to inject code into remote processes, 3 other signatures; started msiexec.exe
  • msiexec.exe (started by the sample): network whois.pconline.com.cn.ctadns.cn 14.29.101.160, ports 49733, 80 (CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN, China)
  • explorer.exe (two instances, started from Start): started msedge.exe (two instances)
  • msedge.exe: signatures: Early bird code injection technique detected, Writes to foreign memory regions, Allocates memory in foreign processes; started msiexec.exe

No Antivirus matches
Source | Detection | Scanner | Label
C:\Program Files (x86)\msiexec.exe | 0% | ReversingLabs | -
C:\Program Files (x86)\msiexec.exe | 0% | Virustotal | -
No Antivirus matches
Source | Detection | Scanner | Label
whois.pconline.com.cn.ctadns.cn | 1% | Virustotal | -
whois.pconline.com.cn | 0% | Virustotal | -
Source | Detection | Scanner | Label
http://whois.pconline.com.cn/ipJson.jspE | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jsp | 0% | Avira URL Cloud | safe
http://whois.pconline.com.cn/ | 0% | Avira URL Cloud | safe
http://whois.pconline.com.cn/ipJson.jspn | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jspn | 0% | Virustotal | -
http://whois.pconline.com.cn/ipJson.jspE | 0% | Virustotal | -
http://whois.pconline.com.cn/ipJson.jsp | 0% | Virustotal | -
http://whois.pconline.com.cn/ | 0% | Virustotal | -
Name | IP | Active | Malicious | Antivirus Detection | Reputation
whois.pconline.com.cn.ctadns.cn | 14.29.101.160 | true | false | - | unknown
whois.pconline.com.cn | unknown | unknown | false | - | unknown
Name | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jsp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jspn | msiexec.exe, 00000001.00000003.2991582014.00000000031A8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000002.4082138614.00000000031A8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://www.360.cn | #U67e5#U8be2#U5165#U53e3.exe, msedge.exe.0.dr | false | - | high
http://whois.pconline.com.cn/ipJson.jspE | msiexec.exe, 00000001.00000002.4081710841.0000000003188000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000003.2991816319.0000000003188000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ | msiexec.exe, 00000001.00000002.4081710841.0000000003188000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000001.00000003.2991816319.0000000003188000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
206.238.115.95 | unknown | United States | 174 | COGENT-174US | false
14.29.101.160 | whois.pconline.com.cn.ctadns.cn | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
    Joe Sandbox version:38.0.0 Ammolite
    Analysis ID:1375851
    Start date and time:2024-01-17 04:34:10 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 8m 8s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run name:Potential for more IOCs and behavior
Number of new started processes analysed:12
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:1
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:#U67e5#U8be2#U5165#U53e3.exe
    renamed because original name is a hash value
    Original Sample Name:.exe
    Detection:MAL
    Classification:mal80.evad.winEXE@10/4@1/2
    EGA Information:
    • Successful, ratio: 80%
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 54
    • Number of non-executed functions: 346
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Override analysis time to 240s for sample files taking high CPU consumption
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target msedge.exe, PID 6200 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:35:02 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered explorer "C:\Users\user\Documents\msedge.exe"
04:35:37 | API Interceptor | 2485080x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
14.29.101.160 | 7r7iKqMM88.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp?callback=jsShow
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\msiexec.exe | sample.exe | malicious | Unknown
      Process:C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
      Category:modified
      Size (bytes):59904
      Entropy (8bit):5.770776695007155
      Encrypted:false
      SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
      MD5:9D09DC1EDA745A5F87553048E57620CF
      SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
      SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
      SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
      Malicious:false
      Antivirus:
      • Antivirus: ReversingLabs, Detection: 0%
      • Antivirus: Virustotal, Detection: 0%, Browse
      Joe Sandbox View:
      • Filename: sample.exe, Detection: malicious, Browse
      Reputation:low
      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...tkq.tkq.tkq.`.r.skq.`.t.zkq.`.p.ykq.tkp..kq.`.x.wkq.`.u.=kq.`...ukq.`.s.ukq.Richtkq.........PE..L....E.%.....................^......0.............@.......................... ......\.....@...... ...................................................................(..T...............................@.......................@....................text...d........................... ..`.data...............................@....idata..............................@..@.didat..L...........................@....rsrc............ ..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\msiexec.exe
      File Type:ISO-8859 text
      Category:dropped
      Size (bytes):212
      Entropy (8bit):4.967751774572365
      Encrypted:false
      SSDEEP:6:6bJpDLEs1XKHLo1HXoXXai7+nNtWIzBnAl:AJpxIHLoxYzWNxdAl
      MD5:4CD19DA03E4FBAE30517FB2D2794A438
      SHA1:1BFD8C94A92052970F1B2F89B9A196EDADA5593C
      SHA-256:34C1584A3E286160756139F9FF9AF6D000775E9046A9BA8F8A5716D4C33B9425
      SHA-512:A0D3F3D6527212921CECE422AB7B680B2E63807BEAE6EB33967B4BBD513347A01D903DE2AC93AC8B966CB3CC60F5DF496726E26BCBACA1C03F80F393610277E6
      Malicious:false
      Reputation:low
      Preview:.....if(window.IPCallBack) {IPCallBack({"ip":"154.16.192.193","pro":"....","proCode":"710000","city":"","cityCode":"0","region":"","regionCode":"0","addr":".... .....","regionNames":"","err":"nocity"});}....
      Process:C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
      Category:dropped
      Size (bytes):402776
      Entropy (8bit):5.743411070094406
      Encrypted:false
      SSDEEP:3072:4iA5CY04CFPSC0JSiGzcEh1bmRLm2Zbtp28mdpYiS/FEYg/YB13N82BHP08IgbJu:4p5CY04uSprfq1bmRi2ZzUE1d7q0u
      MD5:A7585E8304D084BBC7673BBDEDBA8412
      SHA1:71F8F26278C389F56E20F95E7B9F8D0C61FED7D4
      SHA-256:9EB273676C67097993CBF11960BFAEDD71374C4C712E58A3FA6098B36A9F0FFD
      SHA-512:B89254FBA8C99A5F18C89330AA43EE578D47BD0340E4AAB98FD5DBD1839D369B59C0AE3A529AA041E457440AFC2D9E7E8CDC772C46C8BC2C036057CC35D490F6
      Malicious:true
      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O............v.......6....................................................].......r.......Rich............PE..L......e.................p..........&X............@.....................................................................................................X............................................................................................text....`.......p.................. ..`.rdata...R.......`..................@..@.data...............................@....rsrc............ ..................@..@................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:3:ggPYV:rPYV
      MD5:187F488E27DB4AF347237FE461A079AD
      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
      Malicious:false
      Preview:[ZoneTransfer]....ZoneId=0
      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):5.743411070094406
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.96%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:#U67e5#U8be2#U5165#U53e3.exe
      File size:402'776 bytes
      MD5:a7585e8304d084bbc7673bbdedba8412
      SHA1:71f8f26278c389f56e20f95e7b9f8d0c61fed7d4
      SHA256:9eb273676c67097993cbf11960bfaedd71374c4c712e58a3fa6098b36a9f0ffd
      SHA512:b89254fba8c99a5f18c89330aa43ee578d47bd0340e4aab98fd5dbd1839d369b59c0ae3a529aa041e457440afc2d9e7e8cdc772c46c8bc2c036057cc35d490f6
      SSDEEP:3072:4iA5CY04CFPSC0JSiGzcEh1bmRLm2Zbtp28mdpYiS/FEYg/YB13N82BHP08IgbJu:4p5CY04uSprfq1bmRi2ZzUE1d7q0u
      TLSH:51847482F68194C5F4265F34205622315EAEAE982F08F1BFDA50BEFED973DD3581824D
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........O............v.......6.......................................................].......r.......Rich............PE..L......e...
      Icon Hash:71b018dccec77331
      Entrypoint:0x415826
      Entrypoint Section:.text
      Digitally signed:true
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      DLL Characteristics:
      Time Stamp:0x65A68CF8 [Tue Jan 16 14:04:40 2024 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:4
      OS Version Minor:0
      File Version Major:4
      File Version Minor:0
      Subsystem Version Major:4
      Subsystem Version Minor:0
      Import Hash:2a651e357bb4e58d6c8d5fff5fab0fcd
      Signature Valid:false
      Signature Issuer:CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232 (0x80096010, TRUST_E_BAD_DIGEST: the Authenticode hash embedded in the signature does not match the file's current contents)
Not Before / Not After
• 16/03/2010 00:00:00 / 15/03/2013 23:59:59
      Subject Chain
      • CN=360.cn, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=360.cn, L=Beijing, S=Beijing, C=CN
      Version:3
      Thumbprint MD5:4775DAE0006007D0840BC44DDF60534A
      Thumbprint SHA-1:7F63633E66A5B4C502575F5E99ECE6F4FE38C4C2
      Thumbprint SHA-256:DB19F756F39967039B964B04BD179E130F7CE7C6C85D663B702FEDCAE8DD8C22
      Serial:74F2958D31D03EB042F9081555305277
      Instruction
      push ebp
      mov ebp, esp
      push FFFFFFFFh
      push 0041A800h
      push 004159ACh
      mov eax, dword ptr fs:[00000000h]
      push eax
      mov dword ptr fs:[00000000h], esp
      sub esp, 68h
      push ebx
      push esi
      push edi
      mov dword ptr [ebp-18h], esp
      xor ebx, ebx
      mov dword ptr [ebp-04h], ebx
      push 00000002h
      call dword ptr [00418710h]
      pop ecx
      or dword ptr [0041EF14h], FFFFFFFFh
      or dword ptr [0041EF18h], FFFFFFFFh
      call dword ptr [0041870Ch]
      mov ecx, dword ptr [0041EF08h]
      mov dword ptr [eax], ecx
      call dword ptr [00418708h]
      mov ecx, dword ptr [0041EF04h]
      mov dword ptr [eax], ecx
      mov eax, dword ptr [00418704h]
      mov eax, dword ptr [eax]
      mov dword ptr [0041EF10h], eax
      call 00007FCD7CE5C9EBh
      cmp dword ptr [0041E8E0h], ebx
      jne 00007FCD7CE5C8DEh
      push 004159A8h
      call dword ptr [00418700h]
      pop ecx
      call 00007FCD7CE5C9BDh
      push 0041E020h
      push 0041E01Ch
      call 00007FCD7CE5C9A8h
      mov eax, dword ptr [0041EF00h]
      mov dword ptr [ebp-6Ch], eax
      lea eax, dword ptr [ebp-6Ch]
      push eax
      push dword ptr [0041EEFCh]
      lea eax, dword ptr [ebp-64h]
      push eax
      lea eax, dword ptr [ebp-70h]
      push eax
      lea eax, dword ptr [ebp-60h]
      push eax
      call dword ptr [004186F8h]
      push 0041E018h
      push 0041E000h
      call 00007FCD7CE5C975h
      Programming Language:
      • [C++] VS98 (6.0) SP6 build 8804
      • [C++] VS98 (6.0) build 8168
      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1c0e8 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f000 | 0x41eb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x61000 | 0x1558 | - (file offset, not an RVA)
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x81c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1600a | 0x17000 | False | 0.46957795516304346 | data | 6.019283240748381 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x18000 | 0x52ba | 0x6000 | False | 0.2548014322916667 | data | 4.1924842649596235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1e000 | 0xf1c | 0x1000 | False | 0.252685546875 | data | 2.7183119260722832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1f000 | 0x41eb8 | 0x42000 | False | 0.3412863991477273 | data | 5.195605013377587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
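The header values above are worth re-deriving by hand rather than reading off the summary: the Time Stamp 0x65A68CF8 decodes to 16 Jan 2024 14:04:40 UTC, more than a decade after the 360.cn certificate's Not After date (15/03/2013); RELOCS_STRIPPED together with an empty IMAGE_DIRECTORY_ENTRY_BASERELOC means the loader can never rebase the image, and the empty DLL Characteristics field means neither DYNAMIC_BASE nor NX_COMPAT is requested; and IMAGE_DIRECTORY_ENTRY_SECURITY at 0x61000 with size 0x1558 ends at 0x62558 = 402'776 bytes, exactly the file size, so the Authenticode blob is the last thing in the file. The Python below is an added example written for this page, not code from the Joe Sandbox report or from the sample: it parses a PE32 header into those fields and computes the Authenticode digest the way a verifier does (CheckSum and the security directory entry skipped, headers then sections in raw-offset order, trailing data minus the certificate table). It runs over a constructed stand-in image that copies the report's header values; the certificate blob inside it is a placeholder, not a real PKCS#7 structure. Swapping the appended blob leaves the digest unchanged while a one-byte change in .text alters it, which is one way a file ends up with the TRUST_E_BAD_DIGEST result shown under Signature Validation Error.

```python
# Added example: PE32 header checks and the Authenticode digest, run over a
# constructed stand-in image (not the analysed sample). Python 3, stdlib only.
import hashlib
import struct
from datetime import datetime, timezone

FILE_FLAGS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
              0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
              0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
             0x4000: "GUARD_CF"}
DIR_SECURITY, DIR_BASERELOC = 4, 5        # data directory indices


def parse_pe32(data):
    """Header fields an analyst checks first; raises ValueError on non-PE32 input."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                          # IMAGE_OPTIONAL_HEADER32 starts here
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    imagebase = struct.unpack_from("<I", data, opt + 28)[0]
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                         "va": f[2], "rsize": f[3], "raw": f[4], "chars": f[9]})
    ep_sec = next((s["name"] for s in sections
                   if s["va"] <= entry < s["va"] + max(s["vsize"], s["rsize"])), None)
    sec_off, sec_size = dirs[DIR_SECURITY]
    return {
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entrypoint": imagebase + entry, "entry_section": ep_sec,
        "flags": [n for b, n in FILE_FLAGS.items() if chars & b],
        "missing_mitigations": [n for b, n in DLL_FLAGS.items() if not dll_chars & b],
        # no relocation data plus RELOCS_STRIPPED: the loader cannot move this image
        "rebasable": bool(dirs[DIR_BASERELOC][1]) and not chars & 0x0001,
        "security_dir": (sec_off, sec_size),
        "security_at_eof": sec_size > 0 and sec_off + sec_size == len(data),
        "_opt": opt, "_headers_end": size_of_headers, "_sections": sections,
    }


def authenticode_digest(data, algo="sha256"):
    """Digest per the Authenticode PE spec: skip CheckSum and the security directory
    entry, hash the remaining headers, each section's raw bytes in PointerToRawData
    order, then any trailing bytes except the certificate table itself."""
    info = parse_pe32(data)
    opt, hdr_end = info["_opt"], info["_headers_end"]
    sec_off, sec_size = info["security_dir"]
    cert_entry = opt + 96 + 8 * DIR_SECURITY
    h = hashlib.new(algo)
    h.update(data[:opt + 64])                      # headers up to CheckSum
    h.update(data[opt + 68:cert_entry])            # CheckSum .. certificate entry
    h.update(data[cert_entry + 8:hdr_end])         # rest of the headers
    hashed = hdr_end
    for s in sorted(info["_sections"], key=lambda s: s["raw"]):
        h.update(data[s["raw"]:s["raw"] + s["rsize"]])
        hashed += s["rsize"]
    if len(data) > hashed:                         # overlay, minus the cert table
        h.update(data[hashed:sec_off] + data[sec_off + sec_size:] if sec_size else data[hashed:])
    return h.hexdigest()


def fake_cert(blob):
    """WIN_CERTIFICATE wrapper around a constructed placeholder (no real PKCS#7)."""
    body = blob.ljust(-(-len(blob) // 8) * 8, b"\0")
    return struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body


def build_sample(text_patch=b"", cert=b""):
    """Constructed PE32 mirroring the report's header values; two 0x200-byte sections."""
    A = 0x200                                      # FileAlignment and SizeOfHeaders
    text = (b"\x55\x8b\xec\x6a\xff" + text_patch).ljust(A, b"\0")  # push ebp; mov ebp,esp; push -1
    dirs = [(0, 0)] * 16
    dirs[2] = (0x1F000, 0x41EB8)                   # resource directory, as in the report
    dirs[DIR_SECURITY] = (3 * A, len(cert)) if cert else (0, 0)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 6, 0, A, A, 0, 0x15826, 0x1000, 0x1F000, 0x400000, 0x1000, A,
                      4, 0, 4, 0, 4, 0, 0, 0x61000, A, 0,
                      2, 0,                        # Subsystem GUI, DllCharacteristics empty
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec = lambda n, va, vs, raw, ch: struct.pack("<8sIIIIIIHHI", n, vs, va, A, raw, 0, 0, 0, 0, ch)
    secs = (sec(b".text", 0x1000, 0x1600A, A, 0x60000020)
            + sec(b".rsrc", 0x1F000, 0x41EB8, 2 * A, 0x40000040))
    fh = struct.pack("<HHIIIHH", 0x14C, 2, 0x65A68CF8, 0, 0, len(opt), 0x010F)
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + fh + opt + secs
    return hdr.ljust(A, b"\0") + text + b"\0" * A + cert


if __name__ == "__main__":
    signed = build_sample(cert=fake_cert(b"constructed placeholder"))
    info = parse_pe32(signed)
    print(info["timestamp"], hex(info["entrypoint"]), info["entry_section"], info["flags"])
    print("missing:", info["missing_mitigations"], "rebasable:", info["rebasable"],
          "cert at EOF:", info["security_at_eof"])
    d = authenticode_digest(signed)
    print("unchanged with another cert blob:",
          authenticode_digest(build_sample(cert=fake_cert(b"other"))) == d)
    print("unchanged after patching .text:",
          authenticode_digest(build_sample(text_patch=b"\x90",
                                           cert=fake_cert(b"constructed placeholder"))) == d)
```

To apply this to a real file, read it into bytes and pass it to parse_pe32 and authenticode_digest; the digest you get must equal the messageDigest inside the signed PKCS#7 blob for the signature to have any chance of verifying, and checking certificate validity dates is a separate step that the digest comparison does not cover.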
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x21558 | 0x860 | Device independent bitmap graphic, 272 x 15 x 4, image size 2040 | Italian | Italy | 0.3670708955223881
RT_BITMAP | 0x5f0b0 | 0x3b0 | Device independent bitmap graphic, 112 x 15 x 4, image size 840 | Italian | Italy | 0.4141949152542373
RT_BITMAP | 0x21f70 | 0x328 | Device independent bitmap graphic, 82 x 16 x 4, image size 704 | Italian | Italy | 0.37623762376237624
RT_BITMAP | 0x21db8 | 0x1b8 | Device independent bitmap graphic, 45 x 14 x 4, image size 336 | Italian | Italy | 0.31136363636363634
RT_BITMAP | 0x22298 | 0x5ae0 | Device independent bitmap graphic, 145 x 150 x 8, image size 22200 | Italian | Italy | 0.04543500687757909
RT_BITMAP | 0x27d78 | 0x37338 | Device independent bitmap graphic, 385 x 580 x 8, image size 225040, resolution 11811 x 11811 px/m, 256 important colors | Italian | Italy | 0.37460637582705303
RT_ICON | 0x1fa08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Italian | Italy | 0.33064516129032256
RT_ICON | 0x1fcf0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Italian | Italy | 0.4391891891891892
RT_ICON | 0x1fe40 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Italian | Italy | 0.25268817204301075
RT_ICON | 0x20128 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Italian | Italy | 0.4560810810810811
RT_MENU | 0x5f460 | 0x322 | data | Italian | Italy | 0.4613466334164589
RT_DIALOG | 0x202e8 | 0x12a | data | Italian | Italy | 0.6241610738255033
RT_DIALOG | 0x20418 | 0x86 | data | Italian | Italy | 0.7313432835820896
RT_DIALOG | 0x204a0 | 0x24c | data | Italian | Italy | 0.4812925170068027
RT_DIALOG | 0x206f0 | 0x3b0 | data | Italian | Italy | 0.4194915254237288
RT_DIALOG | 0x20aa0 | 0xe6 | data | Italian | Italy | 0.6478260869565218
RT_DIALOG | 0x20b88 | 0x402 | data | Italian | Italy | 0.4220272904483431
RT_DIALOG | 0x20f90 | 0x280 | data | Italian | Italy | 0.465625
RT_STRING | 0x5f788 | 0x90 | data | Italian | Italy | 0.4097222222222222
RT_STRING | 0x60a40 | 0x304 | data | Italian | Italy | 0.2966321243523316
RT_STRING | 0x60d48 | 0x16e | data | Italian | Italy | 0.2814207650273224
RT_STRING | 0x5f818 | 0x40 | data | Italian | Italy | 0.640625
RT_STRING | 0x5f898 | 0x338 | data | Italian | Italy | 0.3131067961165049
RT_STRING | 0x5fd48 | 0x2c0 | data | Italian | Italy | 0.07102272727272728
RT_STRING | 0x601a0 | 0x3b6 | data | Italian | Italy | 0.3178947368421053
RT_STRING | 0x60128 | 0x78 | data | Italian | Italy | 0.6
RT_STRING | 0x5fbd0 | 0x178 | data | Italian | Italy | 0.45478723404255317
RT_STRING | 0x60008 | 0x120 | data | Italian | Italy | 0.3715277777777778
RT_STRING | 0x5f858 | 0x40 | data | Italian | Italy | 0.734375
RT_STRING | 0x60558 | 0x144 | data | Italian | Italy | 0.29012345679012347
RT_STRING | 0x606a0 | 0x252 | data | Italian | Italy | 0.36195286195286197
RT_STRING | 0x608f8 | 0xac | data | Italian | Italy | 0.5988372093023255
RT_STRING | 0x609a8 | 0x92 | data | Italian | Italy | 0.5958904109589042
RT_ACCELERATOR | 0x20278 | 0x70 | data | Italian | Italy | 0.6875
RT_GROUP_ICON | 0x1fe18 | 0x22 | data | Italian | Italy | 1.0
RT_GROUP_ICON | 0x20250 | 0x22 | data | Italian | Italy | 1.0294117647058822
RT_VERSION | 0x21210 | 0x2fc | data | Italian | Italy | 0.4607329842931937
RT_MANIFEST | 0x1f880 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | Chinese | China | 0.5892857142857143
None | 0x21510 | 0x2e | data | Italian | Italy | 1.1521739130434783
None | 0x21540 | 0x16 | data | Italian | Italy | 1.3636363636363635
DLL | Import
MFC42.DLL | -
MSVCRT.dll | _setmbcp, __CxxFrameHandler, qsort, atoi, _stricmp, __dllonexit, _onexit, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp
KERNEL32.dll | GetModuleHandleA, FindResourceA, LoadResource, LockResource, lstrcpynA, GlobalLock, GlobalUnlock, lstrlenA, lstrcpyA, GlobalAlloc, GlobalReAlloc, GlobalFree, Sleep, GetProcessHeap, HeapAlloc, CreateThread, GetProcAddress, CloseHandle, CreateEventA, LoadLibraryA, GetStartupInfoA
USER32.dll | OpenClipboard, GetWindowRect, LoadImageA, DefWindowProcA, GetClassInfoA, SystemParametersInfoA, DrawStateA, GetTabbedTextExtentA, GetMenuState, ModifyMenuA, GetMenuStringA, GetSubMenu, GetMenuItemID, EmptyClipboard, IsRectEmpty, SetCapture, SetRect, GetSystemMetrics, ScreenToClient, LoadCursorA, SetCursor, CopyRect, GetSysColor, DrawTextA, EnableWindow, InvalidateRect, SendMessageA, SetClipboardData, CloseClipboard, GetWindowLongA, GetDlgItem, ShowScrollBar, EnableScrollBar, OffsetRect, GetFocus, FrameRect, CreatePopupMenu, AppendMenuA, GetMessagePos, GetCursorPos, IsWindow, WindowFromPoint, GetKeyState, TranslateMessage, DispatchMessageA, PtInRect, PostMessageA, IsChild, InflateRect, LoadBitmapA, IsWindowVisible, UpdateWindow, ReleaseCapture, GetClientRect, GetParent, GetMenuItemCount, ClientToScreen
GDI32.dll | CreateHalftonePalette, DPtoLP, GetTextColor, GetDIBColorTable, CreateCompatibleBitmap, DeleteObject, CreatePalette, GetDeviceCaps, RealizePalette, CreateFontIndirectA, CreateCompatibleDC, GetObjectA, BitBlt, Polygon, CreateRectRgnIndirect, GetStockObject, SelectObject, StretchBlt, GetTextExtentPoint32A, PatBlt
ADVAPI32.dll | RegCloseKey, RegQueryValueExA, RegOpenKeyA
COMCTL32.dll | ImageList_Add, ImageList_GetImageInfo, ImageList_Draw, ImageList_GetIcon, ImageList_AddMasked, ImageList_GetIconSize, ImageList_DrawEx, ImageList_SetBkColor
WS2_32.dll | closesocket, WSACleanup, WSAStartup, gethostbyname
MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ
Language of compilation system | Country where language is spoken
Italian | Italy
Chinese | China
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 17, 2024 04:34:56.646099091 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:56.962033033 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:56.962152958 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:56.962621927 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.276324034 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.276397943 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.276448965 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.276499033 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.276499033 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.276549101 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.590152979 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590261936 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590315104 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590337038 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.590368032 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590419054 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590468884 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590517044 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.590527058 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.590559959 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.641845942 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904009104 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904114962 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904166937 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904216051 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904287100 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904386997 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904422045 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904422045 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904459953 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904537916 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904567957 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904634953 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904720068 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904763937 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904803991 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904849052 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.904886961 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.904942989 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:57.955313921 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.955379009 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:57.955557108 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.217842102 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.217961073 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218015909 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218044996 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218067884 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218121052 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218139887 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218173027 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218216896 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218221903 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218271971 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218314886 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218322039 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218373060 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218414068 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218421936 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218475103 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218518019 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218523979 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218574047 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218616962 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218624115 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218673944 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218717098 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218724012 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218775034 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218816996 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218825102 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218875885 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218921900 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.218924999 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.218976974 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.219024897 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.219029903 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.219075918 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.219119072 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.269033909 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.269119024 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.269175053 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.269227982 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.269289017 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.269503117 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533101082 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533195019 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533246040 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533298969 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533354044 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533385038 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533385038 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533406019 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533457041 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533457994 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533514977 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533564091 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533615112 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533663034 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533720016 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533757925 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533757925 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533771992 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533823013 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.533827066 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533879995 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.533957958 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534008026 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534056902 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534090042 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534090042 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534110069 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534154892 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534162045 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534212112 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534220934 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534262896 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534312010 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534320116 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534360886 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534408092 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534415007 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534460068 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534512043 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534522057 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534564972 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534617901 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534635067 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534667969 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534717083 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534723997 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534766912 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534815073 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534822941 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534866095 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534915924 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.534934044 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.534965992 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535017014 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535021067 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535069942 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535119057 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535126925 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535168886 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535218000 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535227060 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535268068 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535317898 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535339117 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535368919 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535418034 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535425901 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535470009 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535517931 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535526037 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.535569906 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.535630941 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.583450079 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583512068 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583534956 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583556890 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583580017 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583640099 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583718061 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583719969 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.583780050 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.583782911 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.583842993 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.595372915 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.849338055 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849400997 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849426031 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849447012 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849504948 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849617958 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849687099 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849740028 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.849740028 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.849745989 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849895954 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.849930048 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.849982977 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850032091 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850081921 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850167036 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850167036 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850167036 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850255013 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850307941 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850339890 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850428104 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850478888 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850481987 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850564957 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850620031 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850652933 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850738049 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850792885 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850836039 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850888014 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.850939989 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.850971937 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851054907 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851111889 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851119995 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851207972 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851259947 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851272106 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851357937 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851408958 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851461887 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851550102 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851599932 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851599932 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851684093 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851757050 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851764917 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851895094 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.851948023 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.851999998 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852085114 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852134943 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852176905 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852262974 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852310896 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852344036 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852395058 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852442980 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852442980 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852497101 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852545977 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852546930 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852600098 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852647066 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852649927 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852700949 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852749109 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852750063 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852818012 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852869034 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852874041 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.852921009 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852972984 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.852974892 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853058100 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853107929 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853116035 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853157997 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853209972 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853240013 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853291988 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853338957 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853346109 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853388071 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853440046 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853471041 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853522062 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853580952 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853637934 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853729963 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853789091 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853811979 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853862047 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853909969 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.853929996 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.853981018 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854024887 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854028940 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854079962 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854127884 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854127884 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854214907 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854264975 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854296923 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854348898 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854397058 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854429960 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854480982 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854528904 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854530096 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854579926 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854628086 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854661942 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854713917 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854760885 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854795933 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854882002 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.854929924 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.854964972 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.855048895 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.855098963 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.855130911 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.855338097 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:34:58.855390072 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:34:58.855421066 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
      Jan 17, 2024 04:34:58.855473042 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855521917 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855523109 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.855573893 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855628967 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.855659008 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855741978 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855793953 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.855827093 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855910063 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855959892 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.855967999 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.856065989 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.856120110 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.856142998 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.856167078 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.856214046 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.892208099 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.905823946 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.905924082 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.905977011 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906025887 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906075954 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906126022 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906176090 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906203032 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906203032 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906203032 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906227112 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906275988 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906277895 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906327009 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906373978 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906424046 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906471014 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906503916 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906505108 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906524897 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.906573057 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:58.906574965 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:58.954267025 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163177013 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163269997 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163324118 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163331032 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163377047 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163428068 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163436890 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163486958 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163531065 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163537025 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163589001 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163633108 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163639069 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163691998 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163738966 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163747072 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163800001 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163842916 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163849115 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163899899 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.163944960 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.163949966 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164000034 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164042950 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164048910 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164100885 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164144993 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164151907 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164201975 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164251089 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164252996 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164300919 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164347887 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164351940 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164402008 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164447069 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164453030 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164504051 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164547920 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164552927 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164607048 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.164652109 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.164657116 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:34:59.219866037 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:34:59.235826969 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:00.619991064 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:00.933059931 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:00.933188915 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:01.162516117 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:01.544181108 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:01.545586109 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:01.547214031 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:01.800648928 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:01.800689936 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:01.800769091 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:01.800769091 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:01.928689957 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:02.885860920 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:02.885972023 CET804973314.29.101.160192.168.2.4
      Jan 17, 2024 04:35:02.886051893 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:02.886051893 CET4973380192.168.2.414.29.101.160
      Jan 17, 2024 04:35:02.913861990 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:03.227384090 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:03.282377005 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:16.286329985 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:16.595506907 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:16.595612049 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:16.596157074 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:16.905149937 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:16.905236006 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:16.905288935 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:16.905318022 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:16.905342102 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:16.905395985 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.214225054 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214513063 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214579105 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.214601994 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214658022 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214709997 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214752913 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.214760065 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.214812040 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.214921951 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.297952890 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.524297953 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.524394989 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.524688959 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.525321007 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.525397062 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.525607109 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.525717974 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.525981903 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526237965 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.526268005 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526492119 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526551962 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.526601076 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526684999 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526792049 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.526829958 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.526990891 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.527189970 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.607820034 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.607908964 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.608110905 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.833585024 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.833673000 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.833729029 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.833781004 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.833811045 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.833918095 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.834368944 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834424019 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834471941 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834523916 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834666014 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.834781885 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834830999 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834856987 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.834880114 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.834929943 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835047960 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835097075 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835127115 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835127115 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835148096 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835201025 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835206032 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835266113 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835400105 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835450888 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835500002 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835531950 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835550070 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835603952 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835622072 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835654974 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835702896 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835750103 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.835757971 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.835829020 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.917970896 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.918015957 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.918037891 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.918062925 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:17.918220043 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:17.918220043 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.143132925 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.143208981 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.143235922 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.143273115 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.144656897 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.144742012 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.144793034 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145379066 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145431042 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.145714998 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145737886 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145797014 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.145831108 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145944118 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.145993948 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.146048069 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.146080017 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.146136999 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.146167040 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.146403074 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.146558046 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.146620989 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.146931887 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147052050 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.147066116 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147150993 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147242069 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147264957 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.147293091 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147341013 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147346973 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.147828102 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.147886038 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.148159027 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148271084 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148353100 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148411036 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.148435116 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148510933 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.148560047 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148829937 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.148888111 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.149110079 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.149250031 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.149305105 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.149343014 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.149396896 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.149467945 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.158312082 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.158391953 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.158488035 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.158545971 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.158601999 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.158685923 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.158777952 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.158946991 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159008026 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.159040928 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159244061 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159312010 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.159338951 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159392118 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159475088 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159514904 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.159526110 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.159581900 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.160218000 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.160288095 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.160356998 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.160409927 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.160573006 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.160907984 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.232422113 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232702971 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232752085 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232800007 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232809067 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.232851028 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232851028 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.232903004 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232954979 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.232956886 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.233005047 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.233249903 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.452136993 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.452224016 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.452275038 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.452323914 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.452362061 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.452414036 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.453696012 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.453752995 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.453809023 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.453854084 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454005003 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454060078 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.454149961 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454200983 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454255104 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.454288960 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454372883 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454427958 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.454519987 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454621077 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454675913 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.454680920 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454766035 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454818010 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.454826117 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454907894 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.454967976 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455003023 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455056906 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455106020 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455121040 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455245018 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455296040 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455303907 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455383062 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455442905 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455468893 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455549002 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455609083 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455619097 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455707073 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455761909 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455775976 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455863953 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455913067 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.455919027 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.455998898 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456060886 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.456630945 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456693888 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456751108 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.456757069 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456841946 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456892967 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456893921 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.456943035 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456990957 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.456996918 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457041025 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457097054 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457138062 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457187891 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457240105 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457267046 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457349062 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457398891 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457401991 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457448959 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457506895 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457535028 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457590103 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457638025 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457643032 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457689047 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457736969 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457746983 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457787991 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457838058 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457845926 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.457902908 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457956076 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.457961082 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.458004951 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458058119 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.458415031 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458517075 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458570957 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.458578110 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458627939 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458678961 CET4973511595192.168.2.4206.238.115.95
      Jan 17, 2024 04:35:18.458709955 CET1159549735206.238.115.95192.168.2.4
      Jan 17, 2024 04:35:18.458760023 CET1159549735206.238.115.95192.168.2.4
Jan 17, 2024 04:35:18.458806992 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.458806992 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.458889008 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.458940983 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.467438936 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467519999 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467569113 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467573881 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.467621088 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467669010 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467669964 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.467756033 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467807055 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467813969 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.467920065 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.467974901 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468035936 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468174934 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468224049 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468225956 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468274117 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468323946 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468357086 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468439102 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468491077 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468547106 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468631029 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468683004 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468713045 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468764067 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468812943 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.468846083 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468898058 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.468949080 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469115973 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469192028 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469249010 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469257116 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469307899 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469362020 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469480038 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469543934 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469594002 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469595909 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469680071 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469731092 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469743967 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469830036 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469877958 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469878912 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.469944954 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.469997883 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.470084906 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.541742086 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.541809082 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.541857004 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.541879892 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542059898 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542119026 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542135000 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542342901 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542399883 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542424917 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542506933 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542556047 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542558908 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542608023 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542654991 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542661905 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542705059 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542751074 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542752981 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542831898 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.542886972 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.542947054 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.543011904 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.543065071 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.704453945 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.751226902 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.761357069 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761434078 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761485100 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761491060 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.761538029 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761590958 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761595011 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.761641979 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761692047 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761693001 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.761744022 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.761796951 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.762561083 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762615919 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762661934 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.762662888 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762749910 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762799978 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762799978 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.762883902 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.762937069 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.762969971 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763022900 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763076067 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763104916 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763156891 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763206959 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763207912 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763257027 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763307095 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763309002 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763387918 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763446093 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763468981 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763519049 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763567924 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763570070 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763617039 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763667107 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763669968 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.763720036 CET | 11595 | 49735 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:18.763772964 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.798321009 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:18.845164061 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:23.621612072 CET | 49735 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:25.313724041 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:25.627127886 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:25.688565016 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:44.813962936 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:45.128921032 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:45.173204899 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:35:59.548520088 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:35:59.548701048 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:02.885653973 CET | 80 | 49733 | 14.29.101.160 | 192.168.2.4
Jan 17, 2024 04:36:02.885862112 CET | 49733 | 80 | 192.168.2.4 | 14.29.101.160
Jan 17, 2024 04:36:04.829508066 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:05.142937899 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:36:05.188721895 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:22.939269066 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:23.252753973 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:36:23.326592922 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:41.032584906 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:41.348840952 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:36:41.532553911 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:36:51.033339024 CET | 49733 | 80 | 192.168.2.4 | 14.29.101.160
Jan 17, 2024 04:36:51.418545961 CET | 80 | 49733 | 14.29.101.160 | 192.168.2.4
Jan 17, 2024 04:36:59.855242968 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:36:59.855335951 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:00.431152105 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:00.744703054 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:37:00.845104933 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:18.422990084 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:18.736252069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:37:18.844980001 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:36.501472950 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:36.817684889 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:37:37.032533884 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:52.829444885 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:37:53.143182039 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:37:53.345072031 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:00.170866013 CET | 11595 | 49731 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:00.171181917 CET | 49731 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:11.798482895 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:12.114233017 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:12.344928980 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:29.579451084 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:29.893286943 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:30.032609940 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:37.219608068 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:37.533073902 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:37.533373117 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:37.847423077 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:37.847505093 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:37.847553968 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:37.847595930 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:37.847752094 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:37.847752094 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.032447100 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.162751913 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.162832975 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.162841082 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.162877083 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.162921906 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.162924051 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.344943047 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.476334095 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.476413965 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.476459026 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.476504087 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.476547956 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.476654053 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.532427073 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.789714098 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.789799929 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.789844036 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.789910078 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:38.790107965 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.790107965 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:38.845052004 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.103663921 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.103749990 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.103794098 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.103837967 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.103969097 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.103970051 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.344832897 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.417032957 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.417119026 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.417359114 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.532330990 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.730242968 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.730318069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.730362892 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.730405092 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.730446100 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:39.730612040 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.730612040 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:39.733665943 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.045238972 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.045324087 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.045371056 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.045497894 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.045624018 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.358400106 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.358478069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.358505011 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.358525038 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.358568907 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.358582020 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.358613014 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.358669996 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.358710051 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.532599926 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.672255039 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.672400951 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.672444105 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.672455072 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.672523022 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:40.985631943 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.985697031 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.985714912 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.985734940 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:40.986046076 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.299365997 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.299449921 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.299494982 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.299520016 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.299606085 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.612739086 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.612821102 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.612863064 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.612907887 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.613039970 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.613128901 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.845127106 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.932322979 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.932400942 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.932446003 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.932487965 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:41.932557106 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:41.932558060 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.032435894 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.245711088 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.245796919 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.245840073 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.245882988 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.245918036 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.246185064 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.345042944 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.559463978 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.559549093 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.559597015 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.559638023 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.559688091 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.559688091 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.641935110 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.873399973 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.873481035 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.873528004 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.873569965 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:42.873652935 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:42.873652935 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:43.032408953 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:43.187166929 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.187246084 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.187292099 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.187335014 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.187375069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.187381983 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:43.187469959 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:43.187469959 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:43.501116037 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.501199961 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:43.501383066 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:45.584564924 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:45.901369095 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:45.901669979 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.214991093 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.215066910 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.215152025 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.215197086 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.215321064 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.528017998 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.528075933 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.528116941 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.528161049 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.528340101 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.528340101 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.641974926 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.844836950 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.845669031 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.845750093 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.845753908 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.845802069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.845845938 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.845856905 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:46.845912933 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:46.845964909 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.160299063 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.160382032 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.160425901 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.160468102 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.160515070 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.160665989 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.160757065 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.345069885 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.473948956 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.474030018 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.474081039 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.474122047 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.474147081 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.474148035 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.532566071 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.787636995 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.787720919 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.787769079 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:47.787945032 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:47.787945032 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.101330996 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.101389885 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.101407051 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.101423025 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.101774931 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.415163040 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.415299892 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.415348053 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.415390015 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.415570021 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.415570974 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.532541037 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.729124069 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.729207039 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.729254961 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.729299068 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.729341984 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:48.729427099 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.729428053 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:48.729521036 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.042534113 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.042615891 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.042661905 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.042704105 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.042862892 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.042948961 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.141923904 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.356975079 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.357059956 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.357106924 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.357147932 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.357346058 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.357346058 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.438761950 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.672379017 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.672466040 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.672512054 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.672708988 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.672708988 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.986217022 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.986303091 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.986428022 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:49.986960888 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.987010956 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:49.987035990 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.141944885 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.299581051 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.299665928 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.299972057 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.344825029 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.617939949 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.618021011 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.618066072 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.618113041 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.618240118 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.618240118 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.845016956 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.934853077 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.934930086 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:50.934935093 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.934987068 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:50.935033083 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.248378992 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.248461962 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.248619080 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.249111891 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.249373913 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.561975002 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.562056065 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.562103987 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.562151909 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.562151909 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.875341892 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.875416040 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.875458956 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:51.875605106 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:51.877712965 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.188930988 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.189018011 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.189064980 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.189126968 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.189126968 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.189179897 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.344927073 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.503546953 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.503621101 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.503667116 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.503711939 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.503854036 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.503854036 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.641967058 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.816750050 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.816806078 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.816886902 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.817040920 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.817106962 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.817153931 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:52.817394972 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:52.817394972 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.131340027 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.131429911 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.131475925 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.131586075 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.131586075 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.445452929 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.445604086 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.445745945 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.445966005 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.446010113 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.446194887 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.759983063 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.760096073 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.760142088 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:53.760305882 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:53.760406971 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.073626041 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.073681116 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.073726892 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.073827982 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.073828936 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.386749029 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.386869907 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.386989117 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.387043953 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.387176037 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.387176037 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.461059093 CET | 49732 | 11595 | 192.168.2.4 | 206.238.115.95
Jan 17, 2024 04:38:54.703609943 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.703665972 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.703710079 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
Jan 17, 2024 04:38:54.703753948 CET | 11595 | 49732 | 206.238.115.95 | 192.168.2.4
      Jan 17, 2024 04:38:54.703995943 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:54.703995943 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:54.829462051 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.017124891 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.017208099 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.017252922 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.017301083 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.017343998 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.017448902 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.017448902 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.017546892 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.330626011 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.330691099 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.330707073 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.330724001 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.331186056 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.641858101 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.644802094 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.644871950 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.645086050 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.645100117 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.645414114 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.955113888 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955205917 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955250978 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955295086 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955339909 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955380917 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:55.955439091 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.955439091 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.955440044 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:55.957617998 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.032536983 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.268464088 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.268549919 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.268656015 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.344944000 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.582118034 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.582192898 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.582238913 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.582282066 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.582324028 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.582505941 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.582505941 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.585737944 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.895740986 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.895823002 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.895870924 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.895915031 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:56.895963907 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.895963907 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:56.951245070 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.209311008 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.209395885 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.209443092 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.209485054 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.209528923 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.209651947 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.209651947 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.209754944 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.524895906 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.525088072 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.525208950 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.525407076 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.838102102 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.838184118 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.838233948 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.838278055 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.838407040 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.838407040 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.838407040 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.838507891 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.838509083 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:57.889976025 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:57.890278101 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.154829979 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.154913902 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.154961109 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.155035973 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.155069113 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.155143023 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.345109940 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.467978954 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.468023062 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.468257904 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.532481909 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:58.781337023 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.781399012 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.781414986 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.781430006 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.781445026 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:58.781856060 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.095663071 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.095746994 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.095792055 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.095837116 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.095922947 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.095922947 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.141875029 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.413120031 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.413203001 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.413245916 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.413290024 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.413389921 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.413391113 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.641882896 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.726608992 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.726694107 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.726741076 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:38:59.726988077 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:38:59.726988077 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:00.040225983 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.040312052 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.040359020 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.040405989 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.040460110 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:00.040461063 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:00.493679047 CET1159549731206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.493756056 CET4973111595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:00.505000114 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:00.818084002 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:00.818564892 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:01.132020950 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:01.132102966 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:01.132380009 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:01.279932976 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:01.593456030 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:01.641931057 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:03.180108070 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:03.494890928 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:03.495069027 CET4973211595192.168.2.4206.238.115.95
      Jan 17, 2024 04:39:03.809118032 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:03.809205055 CET1159549732206.238.115.95192.168.2.4
      Jan 17, 2024 04:39:03.809364080 CET4973211595192.168.2.4206.238.115.95
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 17, 2024 04:35:01.053263903 CET | 65178 | 53 | 192.168.2.4 | 1.1.1.1
Jan 17, 2024 04:35:01.155474901 CET | 53 | 65178 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 17, 2024 04:35:01.053263903 CET | 192.168.2.4 | 1.1.1.1 | 0x3f86 | Standard query (0) | whois.pconline.com.cn | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 17, 2024 04:35:01.155474901 CET | 1.1.1.1 | 192.168.2.4 | 0x3f86 | No error (0) | whois.pconline.com.cn | whois.pconline.com.cn.ctadns.cn | | CNAME (Canonical name) | IN (0x0001) | false
Jan 17, 2024 04:35:01.155474901 CET | 1.1.1.1 | 192.168.2.4 | 0x3f86 | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.160 | A (IP address) | IN (0x0001) | false
Jan 17, 2024 04:35:01.155474901 CET | 1.1.1.1 | 192.168.2.4 | 0x3f86 | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.168 | A (IP address) | IN (0x0001) | false
Jan 17, 2024 04:35:01.155474901 CET | 1.1.1.1 | 192.168.2.4 | 0x3f86 | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.169 | A (IP address) | IN (0x0001) | false
      • whois.pconline.com.cn
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 14.29.101.160 | 80 | 5080 | C:\Program Files (x86)\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Jan 17, 2024 04:35:01.547214031 CET | 103 | OUT | GET /ipJson.jsp HTTP/1.1
User-Agent: HTTPGET
Host: whois.pconline.com.cn
Cache-Control: no-cache
Jan 17, 2024 04:35:02.885860920 CET | 589 | IN | HTTP/1.1 200 OK
      Server: openresty
      Date: Wed, 17 Jan 2024 03:35:02 GMT
      Content-Type: text/html; charset=GBK
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Cache-Control: no-cache
      Age: 0
      Ctl-Cache-Status: MISS from hb-wuhan9-ca05, MISS from gd-guangzhou8-ca20, MISS from gd-guangzhou8-ca17
      Request-Id: 65a74ae5d0ddeb4d9c80ee1a30e0a51a
      Data Raw: 64 34 0d 0a 0a 0a 0a 0a 0a 69 66 28 77 69 6e 64 6f 77 2e 49 50 43 61 6c 6c 42 61 63 6b 29 20 7b 49 50 43 61 6c 6c 42 61 63 6b 28 7b 22 69 70 22 3a 22 31 35 34 2e 31 36 2e 31 39 32 2e 31 39 33 22 2c 22 70 72 6f 22 3a 22 cc a8 cd e5 ca a1 22 2c 22 70 72 6f 43 6f 64 65 22 3a 22 37 31 30 30 30 30 22 2c 22 63 69 74 79 22 3a 22 22 2c 22 63 69 74 79 43 6f 64 65 22 3a 22 30 22 2c 22 72 65 67 69 6f 6e 22 3a 22 22 2c 22 72 65 67 69 6f 6e 43 6f 64 65 22 3a 22 30 22 2c 22 61 64 64 72 22 3a 22 cc a8 cd e5 ca a1 20 cc a8 b1 b1 ca d0 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 73 22 3a 22 22 2c 22 65 72 72 22 3a 22 6e 6f 63 69 74 79 22 7d 29 3b 7d 0a 0a 0a 0a 0d 0a
      Data Ascii: d4if(window.IPCallBack) {IPCallBack({"ip":"154.16.192.193","pro":"","proCode":"710000","city":"","cityCode":"0","region":"","regionCode":"0","addr":" ","regionNames":"","err":"nocity"});}
Jan 17, 2024 04:35:02.885972023 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID: 0
Start time: 04:34:55
Start date: 17/01/2024
Path: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\#U67e5#U8be2#U5165#U53e3.exe
Imagebase: 0x400000
File size: 402'776 bytes
MD5 hash: A7585E8304D084BBC7673BBDEDBA8412
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 1
Start time: 04:34:59
Start date: 17/01/2024
Path: C:\Program Files (x86)\msiexec.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
Imagebase: 0x7d0000
File size: 59'904 bytes
MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
• Detection: 0%, Virustotal
Reputation: moderate
Has exited: false

Target ID: 2
Start time: 04:35:13
Start date: 17/01/2024
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
Imagebase: 0x7ff72b770000
File size: 5'141'208 bytes
MD5 hash: 662F4F92FDE3557E86D110526BB578D5
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 04:35:14
Start date: 17/01/2024
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase: 0x7ff72b770000
File size: 5'141'208 bytes
MD5 hash: 662F4F92FDE3557E86D110526BB578D5
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 04:35:15
Start date: 17/01/2024
Path: C:\Users\user\Documents\msedge.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Documents\msedge.exe"
Imagebase: 0x400000
File size: 402'776 bytes
MD5 hash: A7585E8304D084BBC7673BBDEDBA8412
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 8
Start time: 04:35:15
Start date: 17/01/2024
Path: C:\Users\user\Documents\msedge.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Documents\msedge.exe"
Imagebase: 0x400000
File size: 402'776 bytes
MD5 hash: A7585E8304D084BBC7673BBDEDBA8412
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 9
Start time: 04:35:20
Start date: 17/01/2024
Path: C:\Program Files (x86)\msiexec.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
Imagebase: 0x7d0000
File size: 59'904 bytes
MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true


        Execution Graph

Execution Coverage: 4.9%
Dynamic/Decrypted Code Coverage: 75.7%
Signature Coverage: 26%
Total number of Nodes: 304
Total number of Limit Nodes: 13

        Control-flow Graph

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
        • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
        • CloseHandle.KERNEL32(00000000), ref: 1000DE51
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
        • API String ID: 1580616088-3994885262
        • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
        • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
          • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
          • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
          • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
          • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
          • Part of subcall function 10005720: FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
        • API String ID: 2285828341-3151685581
        • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
        • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,74DE9350), ref: 100052DC
        • memset.MSVCR100 ref: 100052EA
        • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,74DE9350), ref: 10005340
        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
        • memset.MSVCR100 ref: 1000537F
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
        • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,74DE9350), ref: 100053B4
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,74DE9350), ref: 100053D9
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
        • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,74DE9350), ref: 100053F8
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,74DE9350), ref: 10005438
        • sprintf_s.MSVCR100 ref: 10005456
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054A7
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054B0
        • OutputDebugStringA.KERNELBASE(PuppetProcess3,?,?,74DE9350), ref: 100054CA
        • Wow64SuspendThread.KERNEL32(?,?,?,74DE9350), ref: 100054D3
        • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,74DE9350), ref: 100054DE
        • VirtualAllocEx.KERNELBASE(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
        • OutputDebugStringA.KERNELBASE(PuppetProcess5,?,?,74DE9350), ref: 10005505
        • WriteProcessMemory.KERNELBASE(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
        • OutputDebugStringA.KERNEL32(PuppetProcess6,?,?,74DE9350), ref: 1000552B
        • QueueUserAPC.KERNELBASE(00000000,?,00000000,?,?,74DE9350), ref: 10005536
        • ResumeThread.KERNELBASE(?,?,?,74DE9350), ref: 10005543
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadWow64memset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWritesprintf_s
        • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
        • API String ID: 1861898608-3220118345
        • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
        • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000), ref: 004011E6
        • RegCloseKey.KERNELBASE(?,?,004014E9), ref: 004011F1
        • GetProcessHeap.KERNEL32(00000000,0004DA78,?,004014E9), ref: 004011FE
        • RtlAllocateHeap.NTDLL(00000000,?,004014E9), ref: 00401205
        • LoadLibraryA.KERNEL32(KERNEL32.dll,VirtualProtect,?,?,?,?,004014E9), ref: 00401240
        • GetProcAddress.KERNEL32(00000000), ref: 00401249
        • LoadLibraryA.KERNEL32(KERNEL32.dll,CreateThread,?,?,?,?,004014E9), ref: 00401257
        • GetProcAddress.KERNEL32(00000000), ref: 0040125A
        • VirtualProtect.KERNELBASE(00000000,0004DA78,00000040,?,?,?,?,?,004014E9), ref: 00401269
        • CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401275
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AddressHeapLibraryLoadProc$AllocateCloseCreateOpenProcessProtectThreadVirtual
        • String ID: CreateThread$HARDWARE\DESCRIPTION\System\CentralProcessor\0$KERNEL32.dll$VirtualProtect
        • API String ID: 1661605580-2886484579
        • Opcode ID: fd621e223aa46a639204fcec1802c3bbd30072bb5082b35e0b0469faa04fe73f
        • Instruction ID: 2679e9bc238f382b67392beef86e659f261f8ae13e85115305d36aaa0929dc4b
        • Opcode Fuzzy Hash: fd621e223aa46a639204fcec1802c3bbd30072bb5082b35e0b0469faa04fe73f
        • Instruction Fuzzy Hash: 061140756403047BD210A765EC4AFEB7F1CEBC9B51F11417AFA04A71C0D9B49808837D
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetProcAddress.KERNEL32(74D60000,recv), ref: 004013F5
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 00401415
        • RegQueryValueExA.KERNELBASE(?,~MHz,00000000,?,?,?), ref: 00401432
        • RegCloseKey.KERNELBASE(?), ref: 0040143D
        • recv.WS2_32(?,?,00002800,00000000), ref: 00401453
        • Sleep.KERNELBASE(0000000A), ref: 0040147B
        • Sleep.KERNELBASE(0000000A), ref: 00401483
        • Sleep.KERNEL32(0000000A), ref: 0040148B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Sleep$AddressCloseOpenProcQueryValuerecv
        • String ID: 206.238.115.95$HARDWARE\DESCRIPTION\System\CentralProcessor\0$recv$~MHz
        • API String ID: 319245223-2169846110
        • Opcode ID: e3f63ef2b23a86bd8b68c0ae0447dd9697f1e757ccf12d9818a727ed3d65e479
        • Instruction ID: cbfd0d41f5c248cca52a8a6df59cf3ab801ab9a91dad2660b7d7d7a41d6431ab
        • Opcode Fuzzy Hash: e3f63ef2b23a86bd8b68c0ae0447dd9697f1e757ccf12d9818a727ed3d65e479
        • Instruction Fuzzy Hash: 1331E2762003049BD310DB65CC85EA7B7E9FBC8714F108E2EF659972E0DB78E9098B59
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • _mbsicmp.MSVCR100 ref: 10005768
        • Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 10005790
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
        • String ID: 360Tray.exe
        • API String ID: 169230292-3639442380
        • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
        • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • OutputDebugStringA.KERNELBASE(dll run), ref: 1000E5EF
        • OutputDebugStringA.KERNELBASE(dll run2), ref: 1000E5F6
        • GetCommandLineW.KERNEL32 ref: 1000E616
        • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
        • memset.MSVCR100 ref: 1000E63E
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
        • sprintf_s.MSVCR100 ref: 1000E714
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
        • SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000E742
        • CreateThread.KERNELBASE(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
        • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
        • OutputDebugStringA.KERNELBASE(dll run3), ref: 1000E796
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
        • GetNativeSystemInfo.KERNELBASE(?), ref: 1000E7D1
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
        • OutputDebugStringA.KERNELBASE(dll run4), ref: 1000E815
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
        • sprintf_s.MSVCR100 ref: 1000E87B
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
        • OutputDebugStringA.KERNELBASE(?), ref: 1000E8CE
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 1000E915
        • ExitProcess.KERNEL32 ref: 1000E91D
        • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
        • _wcsicmp.MSVCR100 ref: 1000E943
        • _wcsicmp.MSVCR100 ref: 1000E974
        • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
        • sprintf_s.MSVCR100 ref: 1000EA63
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
        • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
        • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
          • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
          • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CD7086A), ref: 1000DC8B
          • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(?), ref: 1000DCD4
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
        • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
        • API String ID: 3194832325-3018988614
        • Opcode ID: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
        • Opcode Fuzzy Hash: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75A8EC10), ref: 1000E3B4
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75A8EC10), ref: 1000E3C8
        • sprintf_s.MSVCR100 ref: 1000E3EC
        • sprintf_s.MSVCR100 ref: 1000E406
        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
        • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
        • RegCloseKey.ADVAPI32(?), ref: 1000E469
        • RegCloseKey.KERNELBASE(?), ref: 1000E482
        • OutputDebugStringA.KERNELBASE(meiyou), ref: 1000E489
        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
        • RegSetValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
        • RegCloseKey.ADVAPI32(?), ref: 1000E516
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
        • API String ID: 3385724880-3482547359
        • Opcode ID: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
        • Opcode Fuzzy Hash: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetProcAddress.KERNEL32(74D60000,socket), ref: 004012C8
        • socket.WS2_32(00000002,00000001,00000006), ref: 004012D0
        • GetProcAddress.KERNEL32(74D60000,htons), ref: 004012F2
        • gethostbyname.WS2_32(?), ref: 004012FB
        • GetProcAddress.KERNEL32(74D60000,connect), ref: 0040132D
        • connect.WS2_32(?,?,00000010), ref: 0040133A
        • LoadLibraryA.KERNEL32(KERNEL32.dll,ResetEvent), ref: 00401351
        • GetProcAddress.KERNEL32(00000000), ref: 00401354
        • LoadLibraryA.KERNEL32(KERNEL32.dll,WaitForSingleObject), ref: 00401366
        • GetProcAddress.KERNEL32(00000000), ref: 00401369
        • CreateThread.KERNELBASE(00000000,00000000,Function_000013A0,?,00000000,00000000), ref: 00401389
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AddressProc$LibraryLoad$CreateThreadconnectgethostbynamesocket
        • String ID: KERNEL32.dll$ResetEvent$WaitForSingleObject$connect$htons$socket
        • API String ID: 2839651472-2857524910
        • Opcode ID: ed6d26fedf81f82663cb6d50ac349989548aa3f077029461258462c269fddee5
        • Instruction ID: 2f0cf2fbbfb9e9f79a0b2d435e9d64fdbdf3ab423a2cf3289e8a2f4458cffe95
        • Opcode Fuzzy Hash: ed6d26fedf81f82663cb6d50ac349989548aa3f077029461258462c269fddee5
        • Instruction Fuzzy Hash: FE21BB357503047FE210EBB9DC85F9BB7A8EB88710F108A1AF514D71D0CAB4E8448769
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        control_flow_graph 252 408c10-408c69 #1134 #2621 #6117 #4159 #823 253 408c88 252->253 254 408c6b-408c86 #520 252->254 255 408c8a-408cc5 #986 #296 #5214 #5301 253->255 254->255 256 408cc7-408ce9 #617 255->256 257 408cea-408d26 #6215 UpdateWindow #617 255->257
        APIs
        • #1134.MFC42(00000000), ref: 00408C2D
        • #2621.MFC42 ref: 00408C37
        • #6117.MFC42(Local AppWizard-Generated Applications), ref: 00408C43
        • #4159.MFC42(00000000,Local AppWizard-Generated Applications), ref: 00408C4C
        • #823.MFC42(0000006C,00000000,Local AppWizard-Generated Applications), ref: 00408C53
        • #520.MFC42(00000080,0041A1D0,A,0A), ref: 00408C81
        • #986.MFC42(00000000), ref: 00408C95
        • #296.MFC42(00000000), ref: 00408C9E
        • #5214.MFC42(?,00000000), ref: 00408CB2
        • #5301.MFC42(?,?,00000000), ref: 00408CBE
        • #617.MFC42(?,?,00000000), ref: 00408CD3
        • #6215.MFC42(00000003,?,?,00000000), ref: 00408CEF
        • UpdateWindow.USER32(?), ref: 00408CFB
        • #617.MFC42 ref: 00408D0D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #617$#1134#2621#296#4159#520#5214#5301#6117#6215#823#986UpdateWindow
        • String ID: 0A$Local AppWizard-Generated Applications$A
        • API String ID: 3234569743-2732384807
        • Opcode ID: b47de4f48cf6a3eee5f98361f045724880b9a36067bd2c31a9356777d7f8c5c8
        • Instruction ID: 41bfc81942a05213f3af54d885952778efa4c17ba4b2a83e382328154276f756
        • Opcode Fuzzy Hash: b47de4f48cf6a3eee5f98361f045724880b9a36067bd2c31a9356777d7f8c5c8
        • Instruction Fuzzy Hash: C621D871245B40DBD204EB25C852BDE76E4ABC4B64F50461EF8AA833C1DBBCD481875B
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        control_flow_graph 279 10005180-100051be RegCreateKeyA 280 10005291-100052a5 call 1000fb3c 279->280 281 100051c4-100051f6 RegQueryValueExA 279->281 283 10005201-1000520a 281->283 284 100051f8-100051ff 281->284 287 10005210-10005215 283->287 284->283 286 10005234-10005260 RegQueryValueExA 284->286 289 10005262-10005269 286->289 290 1000526b-10005282 RegSetValueExA 286->290 287->287 288 10005217-10005232 RegSetValueExA 287->288 288->286 289->290 291 10005284-1000528b RegCloseKey 289->291 290->291 291->280
        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
        • RegQueryValueExA.KERNELBASE(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
        • RegSetValueExA.KERNELBASE(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
        • RegQueryValueExA.KERNELBASE(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
        • RegSetValueExA.KERNELBASE(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
        • RegCloseKey.KERNELBASE(?,?,?), ref: 1000528B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Value$Query$CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2357964129-2174744495
        • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
        • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        control_flow_graph 292 413540-413614 #364 #384 * 2 call 409360 #2097 * 2 #2243
        APIs
        • #364.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413562
        • #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413577
        • #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413589
          • Part of subcall function 00409360: #567.MFC42 ref: 00409382
          • Part of subcall function 00409360: #540.MFC42 ref: 0040940B
          • Part of subcall function 00409360: #384.MFC42 ref: 0040943B
          • Part of subcall function 00409360: GetSysColor.USER32(00000008), ref: 00409497
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094A1
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094AB
          • Part of subcall function 00409360: GetSysColor.USER32(0000000D), ref: 004094B5
          • Part of subcall function 00409360: GetSysColor.USER32(00000003), ref: 004094BF
          • Part of subcall function 00409360: GetSysColor.USER32(0000000F), ref: 004094C9
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 004094D9
          • Part of subcall function 00409360: #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 0040950E
        • #2097.MFC42(00000086,00000010,00000000,00FF00FF), ref: 004135CC
        • #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135E1
        • #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135F1
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Color$#384$#2097#823$#2243#364#472#540#567
        • String ID: TA$Times New Roman
        • API String ID: 469616458-2591298183
        • Opcode ID: d9d03c3649ce590fc89dcb27801b24d530cb83160e0a6efb9b2fa89b70134237
        • Instruction ID: 6bf6b4aec32bb5aab79e5213497b21abca3b20ce1cabfea461c97a75bc92b734
        • Opcode Fuzzy Hash: d9d03c3649ce590fc89dcb27801b24d530cb83160e0a6efb9b2fa89b70134237
        • Instruction Fuzzy Hash: B211B670384B41EAE320DF26CC02BD6B691EB80B19F40451DF5A91A2C2DFBD64488B56
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        control_flow_graph 295 1000e530-1000e547 296 1000e550-1000e56a RegOpenKeyExA 295->296 297 1000e5ab-1000e5bb call 1000e390 Sleep 296->297 298 1000e56c-1000e586 RegQueryValueExA 296->298 297->296 299 1000e5a0-1000e5a5 RegCloseKey 298->299 300 1000e588-1000e59e RegCloseKey Sleep 298->300 299->297 300->296
        APIs
        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.ADVAPI32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNELBASE(?), ref: 1000E5A5
        • Sleep.KERNELBASE(00000BB8), ref: 1000E5B5
        Strings
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: e5f2000d20d59bbc07c227b1d11810cb2cf46c68cfe9752d076368d5267d2c9f
        • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
        • Opcode Fuzzy Hash: e5f2000d20d59bbc07c227b1d11810cb2cf46c68cfe9752d076368d5267d2c9f
        • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
        Uniqueness

        Uniqueness Score: -1.00%
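
The three records above describe one persistence chain, but only as raw hex arguments: the Run-key writer (RegOpenKeyExA with 00020019 then 00020006, RegSetValueExA with type 00000001), the watchdog thread at 1000E530 that re-checks the value and sleeps 00000BB8, the SYSTEM\Setup writer at 100051B6, and the drop logic in the dll-run function (SHGetFolderPathA with 00000005 and 00000026, SetFileAttributesA with 00000002). The Python below is an added example for reading such records; it is not Joe Sandbox code and not code recovered from the sample. It parses lines in the report's `• Api.MODULE(args), ref: ADDR` shape, replaces tabled Win32 constants (documented values from winreg.h, winnt.h, shlobj.h and winsock2.h) with their names, and walks the calls in report order to collect the facts a responder needs. `SAMPLE` is copied from the API lists on this page (including the socket call from the 004012D0 record); the one assumption is that a RegSetValueExA belongs to the most recently opened or created key, which holds because the report lists calls in address order within a function.

```python
"""Decode the hex arguments in Joe Sandbox 'APIs' lines into named Win32
constants and chain them into the facts a responder needs.

Added example for reading this report; not Joe Sandbox code and not code
from the sample.  SAMPLE is copied from the API lists on this page (order
preserved); the tables hold documented header values.
"""
import re

HIVES = {0x80000001: "HKEY_CURRENT_USER", 0x80000002: "HKEY_LOCAL_MACHINE"}
KEY_ACCESS = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD"}
CSIDL = {0x05: "CSIDL_PERSONAL", 0x1A: "CSIDL_APPDATA", 0x26: "CSIDL_PROGRAM_FILES"}
FILE_ATTR = {0x02: "FILE_ATTRIBUTE_HIDDEN", 0x80: "FILE_ATTRIBUTE_NORMAL"}
SOCKET_ARGS = ({2: "AF_INET", 23: "AF_INET6"}, {1: "SOCK_STREAM", 2: "SOCK_DGRAM"},
               {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"})

# Report line shape: "• Api.MODULE(arg,arg,...), ref: ADDR"; the arg list is optional.
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>[^.\s(]+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

def _hex(tok):
    """8-digit hex argument -> int; strings and '?' (unresolved) -> None."""
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else None

def _name(table, tok):
    """Constant name for a hex token, or the raw token when it is not tabled."""
    val = _hex(tok)
    return tok if val is None else table.get(val, tok)

def decode(line):
    """Parse one API line; None for lines that are not API calls."""
    m = LINE_RE.match(line)
    if not m:
        return None
    api = m["api"]
    args = [a.strip() for a in (m["args"] or "").split(",") if a.strip()]
    notes = []
    if api in ("RegOpenKeyExA", "RegCreateKeyA"):        # (hive, subkey, ...)
        notes += [_name(HIVES, args[0]), args[1]]
        if api == "RegOpenKeyExA":                        # samDesired is arg 3
            notes.append(_name(KEY_ACCESS, args[3]))
    elif api in ("RegSetValueExA", "RegQueryValueExA"):   # (key, name, 0, type, ...)
        notes.append(args[1])
        if api == "RegSetValueExA":
            notes.append(_name(REG_TYPES, args[3]))
    elif api == "SHGetFolderPathA":                       # csidl is arg 1
        notes.append(_name(CSIDL, args[1]))
    elif api == "SetFileAttributesA":
        notes.append(_name(FILE_ATTR, args[1]))
    elif api == "Sleep":
        notes.append(f"{_hex(args[0])} ms")
    elif api == "CreateThread":                           # start routine is arg 2
        notes.append(f"start 0x{args[2]}")
    elif api == "socket":                                 # (af, type, protocol)
        notes += [_name(t, a) for t, a in zip(SOCKET_ARGS, args)]
    return {"api": api, "module": m["mod"], "ref": m["ref"], "args": args, "notes": notes}

def indicators(report_text):
    """Walk decoded calls in report order and collect the persistence facts.

    Assumes a RegSetValueExA belongs to the most recently opened/created key,
    which holds because the report lists calls in address order.
    """
    facts = {"run_key_values": [], "other_values": [], "drop_folders": [],
             "hidden_drop": False, "watchdog_ms": None, "tcp_socket": False}
    key = None
    for call in filter(None, map(decode, report_text.splitlines())):
        api, notes = call["api"], call["notes"]
        if api in ("RegOpenKeyExA", "RegCreateKeyA"):
            key = f"{notes[0]}\\{notes[1]}"
        elif api == "RegSetValueExA" and key:
            bucket = "run_key_values" if key.endswith("\\Run") else "other_values"
            facts[bucket].append((key, notes[0], notes[1]))
        elif api == "SHGetFolderPathA":
            facts["drop_folders"].append(notes[0])
        elif api == "SetFileAttributesA":
            facts["hidden_drop"] |= "FILE_ATTRIBUTE_HIDDEN" in notes
        elif api == "Sleep":
            facts["watchdog_ms"] = _hex(call["args"][0])
        elif api == "socket":
            facts["tcp_socket"] = notes == ["AF_INET", "SOCK_STREAM", "IPPROTO_TCP"]
    return facts

# Copied from the API lists on this page (drop logic, watchdog, Run-key writer,
# SYSTEM\Setup writer, socket); order preserved so key/value pairing holds.
SAMPLE = r"""
• SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
• SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000E742
• CreateThread.KERNELBASE(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
• SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
• RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
• Sleep.KERNEL32(00000BB8), ref: 1000E598
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
• RegSetValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
• RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
• RegSetValueExA.KERNELBASE(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
• RegSetValueExA.KERNELBASE(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
• socket.WS2_32(00000002,00000001,00000006), ref: 004012D0
• ExitProcess.KERNEL32 ref: 1000E91D
"""

if __name__ == "__main__":
    for fact, value in indicators(SAMPLE).items():
        print(f"{fact}: {value}")
```

Run directly it prints the findings for `SAMPLE`: an HKEY_LOCAL_MACHINE Run value named IsSystemUpgradeComponentRegistered written as REG_SZ, the BITS and Host values under HKEY_LOCAL_MACHINE\SYSTEM\Setup, copies dropped under CSIDL_PERSONAL and CSIDL_PROGRAM_FILES with FILE_ATTRIBUTE_HIDDEN, a 3000 ms watchdog interval, and an AF_INET/SOCK_STREAM/IPPROTO_TCP socket. The same decoder applies to any other API block on the page; tokens it does not table are kept verbatim, and `?` marks arguments the static analysis could not resolve.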

        Control-flow Graph

        control_flow_graph 303 413280-413292 #4457 304 413338-41333e 303->304 305 413298-4132b2 #2120 303->305 305->304 306 4132b8-4132c6 #4163 305->306 306->304 307 4132c8 call 4131d0 306->307 309 4132cd-4132e7 #2117 307->309 309->304 310 4132e9-4132f9 #6000 309->310 310->304 311 4132fb-413335 #5871 #2626 #2627 #2494 310->311
        APIs
        • #4457.MFC42(?), ref: 0041328A
        • #2120.MFC42(?,50002800,0000E800,?), ref: 004132AB
        • #4163.MFC42(00000080,?,50002800,0000E800,?), ref: 004132BF
          • Part of subcall function 004131D0: #823.MFC42(0009B508), ref: 00413203
          • Part of subcall function 004131D0: Sleep.KERNEL32(000000FF,?,?,?,?,?,?,00416D0B,000000FF), ref: 00413258
        • #2117.MFC42(?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004132E0
        • #6000.MFC42(0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004132F2
        • #5871.MFC42(?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413307
        • #2626.MFC42(0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413313
        • #2627.MFC42(0000F000,0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 0041331F
        • #2494.MFC42(?,00000000,00000000,0000F000,0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 0041332B
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2117#2120#2494#2626#2627#4163#4457#5871#6000#823Sleep
        • String ID:
        • API String ID: 3386160022-0
        • Opcode ID: 7bf9c5a97767c2c530a4c024916f85f63d621b233f27ef0a24bc1286ce95988a
        • Instruction ID: f295bb6be9f85b1e12f183ed3c3b2f06187b2ceffeed3866003ce54fc7fd5ac9
        • Opcode Fuzzy Hash: 7bf9c5a97767c2c530a4c024916f85f63d621b233f27ef0a24bc1286ce95988a
        • Instruction Fuzzy Hash: EE012631341B4072E52436364D92FFF128A4FD0725F94452FB61DAA1C2CE9C988A42AC
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        control_flow_graph 312 77b068-77b0c9 call 77af98 call 77b048 LoadLibraryA
        APIs
        • LoadLibraryA.KERNELBASE(?,00000000,00000072), ref: 0077B0C4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4082434697.000000000077A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0077A000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_77a000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID: A$b$d$i$o$y
        • API String ID: 1029625771-4132616007
        • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction ID: e36a4de5db5e0795d989b9847fa4b6cc4f0d2b096361d540b12746fe1c26641f
        • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction Fuzzy Hash: CEF0745000D3C1EEE702E668944569FBED51BE2644F48CC8CE4D81B243D2BA865CC373
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.ADVAPI32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNELBASE(?), ref: 1000E5A5
        • Sleep.KERNELBASE(00000BB8), ref: 1000E5B5
        Strings
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: 72c490b1738f29af459d1cc89afb85c126eb4561379220e7715da11b412c7063
        • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
        • Opcode Fuzzy Hash: 72c490b1738f29af459d1cc89afb85c126eb4561379220e7715da11b412c7063
        • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 0077AA8C
        • VirtualProtect.KERNELBASE(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0077AB12
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4082434697.000000000077A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0077A000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_77a000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Virtual$FreeProtect
        • String ID: $@
        • API String ID: 2581862158-1077428164
        • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction ID: 80080995a9bf92b71595c4a975422fee21a207a719532a7016c2bb4171935f83
        • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction Fuzzy Hash: 9F316EB06043019FE708DF18C594B6FB7E6BFC8748F41890CE9899B290D779D945CB92
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcAddress.KERNEL32(74D60000,send), ref: 0040119E
        • send.WS2_32(?,?,?,00000000), ref: 004011B4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AddressProcsend
        • String ID: send
        • API String ID: 1302106133-2809346765
        • Opcode ID: dd4d1ec5734af78126993d77e5fb99673a833ad70eb665c3cfdb48b2a7fc35be
        • Instruction ID: 6381d367b2c4554388d4b73205bbc2dab7d74f2c368bcd2ef79596ef076c0f3a
        • Opcode Fuzzy Hash: dd4d1ec5734af78126993d77e5fb99673a833ad70eb665c3cfdb48b2a7fc35be
        • Instruction Fuzzy Hash: EED0127A305200ABE318DB66DC44ED77BAEEBC8710F04C51DB945832D4CA74E844C768
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.4082434697.000000000077A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0077A000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_77a000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction ID: 17695eb770c550d9b7eb8bc265b6e90ada3c00967cfbe15070561c08e24c3b21
        • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction Fuzzy Hash: D84195B2301200AFEB14DF68DC85B6F77A4EFC43A2F108569FA09C6681EB75D8058762
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1576.MFC42(?,?,?,ZYA,0041595A,00000000,?,0000000A), ref: 004159C8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1576
        • String ID: ZYA
        • API String ID: 1976119259-4106806639
        • Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
        • Instruction ID: 9d703d587375390fe7fea74c160f8a321344abee2d7b3bbee650e2075630bda3
        • Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
        • Instruction Fuzzy Hash: 07B00836158786ABCB42EF91984196ABAA2BFD8344F484D1DB2A15007187668468AB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #823.MFC42(0009B508), ref: 00413203
        • Sleep.KERNEL32(000000FF,?,?,?,?,?,?,00416D0B,000000FF), ref: 00413258
          • Part of subcall function 004010B0: WSAStartup.WS2_32(00000202,?), ref: 004010D6
          • Part of subcall function 004010B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010E3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #823CreateEventSleepStartup
        • String ID:
        • API String ID: 121733085-0
        • Opcode ID: 7c8789302a3c0d93403c65dc84304f210102f3bee422103436218015d51fa74c
        • Instruction ID: 951f16532e199231ebab9ac9f8d28e0367e422fa5253b9f327ab345445f371ea
        • Opcode Fuzzy Hash: 7c8789302a3c0d93403c65dc84304f210102f3bee422103436218015d51fa74c
        • Instruction Fuzzy Hash: A5014935208791ABC310EF28EC0179B7BD09B88B60F008A2EF865933D0E73CC944879B
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAStartup.WS2_32(00000202,?), ref: 004010D6
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010E3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CreateEventStartup
        • String ID:
        • API String ID: 1546077022-0
        • Opcode ID: 9f108eaa24a943d3b26366c6729755770e8754957be2a9a4998c2e3dd4bcd72f
        • Instruction ID: 982ec534c095686b53de404c0ccf739faa66623e5b7f07849cba924032326677
        • Opcode Fuzzy Hash: 9f108eaa24a943d3b26366c6729755770e8754957be2a9a4998c2e3dd4bcd72f
        • Instruction Fuzzy Hash: E2F01C71600700AFD330AF1ADC09AA3FBE9EBC9710F40892EA5A9862A0DBB455498B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNELBASE(?,?,00001000,00000004,?,00000000,00000000,00000000,?,0077ADC4,?,?,00000000,?,?,?), ref: 0077A9E9
        Memory Dump Source
        • Source File: 00000000.00000002.4082434697.000000000077A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0077A000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_77a000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction ID: fb14095a7496d9cce37c1d9b31a0eb4c7bf7a775727afda52bec2f0cd156676a
        • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction Fuzzy Hash: 0A2138B1600201AFE714CF18D985B6AF3E9FF88345F15882DF58987241D7B5AC95CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(NTDLL,1D7EE358), ref: 100069D5
        • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
        • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
        • memset.MSVCR100 ref: 10006A10
        • memset.MSVCR100 ref: 10006A22
        • gethostname.WS2_32(?,00000100), ref: 10006A36
        • gethostbyname.WS2_32(?), ref: 10006A43
        • inet_ntoa.WS2_32 ref: 10006A5B
        • strcat_s.MSVCR100 ref: 10006A74
        • strcat_s.MSVCR100 ref: 10006A8A
        • inet_ntoa.WS2_32 ref: 10006AAA
        • strcat_s.MSVCR100 ref: 10006ABD
        • strcat_s.MSVCR100 ref: 10006AD7
        • inet_addr.WS2_32(?), ref: 10006AF5
        • wsprintfA.USER32 ref: 10006B2E
        • OutputDebugStringA.KERNEL32(?), ref: 10006B45
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
        • strncpy.MSVCR100 ref: 10006E6B
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
        • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
        • strncpy.MSVCR100 ref: 1000713E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
        • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
        • RegQueryValueExA.ADVAPI32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
        • wsprintfA.USER32 ref: 10007204
        • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
        • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
        • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
        • wsprintfA.USER32 ref: 100072AD
        • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
        • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
        • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
        • API String ID: 941699131-3408092411
        • Opcode ID: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction ID: 5937c9bef880f8db1bb605a9ff32026a22730c05f7b93559c92fa2109faa8b67
        • Opcode Fuzzy Hash: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction Fuzzy Hash: 446256B1D012699FEB25DF28CC84A9DB7B5FB48340F4185E9E54DA7242DB70AE84CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 0040E8B2
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E8BF
        • #1669.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E8C7
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040E903
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E91A
        • #940.MFC42(0000000A,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E962
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E975
        • #940.MFC42(00000009,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E999
        • #939.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E9A7
        • #800.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E9B5
        • SendMessageA.USER32(?,0000100C,00000000,00000002), ref: 0040E9CF
        • #940.MFC42(0000000A,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA1E
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA31
        • #940.MFC42(00000009,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA55
        • #939.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA63
        • #800.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA71
        • OpenClipboard.USER32(?), ref: 0040EAC3
        • EmptyClipboard.USER32 ref: 0040EAD1
        • GlobalAlloc.KERNEL32(00002000,?,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EAE5
        • GlobalLock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EAEE
        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB18
        • SetClipboardData.USER32(00000001,00000000), ref: 0040EB21
        • CloseClipboard.USER32 ref: 0040EB27
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB32
        • #2652.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB3A
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB4B
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB59
        • #2652.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB61
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB72
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800#940ClipboardMessageSend$#1168#540Global$#2652#939$#1669#3092AllocCloseDataEmptyLockOpenUnlock
        • String ID:
        • API String ID: 1039448640-0
        • Opcode ID: 0f50c8c2dd885ae94c16666faa6998e2184c80d26dfc415f8c60c3a987b6d0af
        • Instruction ID: 1c919ba216b2d915e319fefec73e344e30313ada7e1a60fca40d4dcf104441a7
        • Opcode Fuzzy Hash: 0f50c8c2dd885ae94c16666faa6998e2184c80d26dfc415f8c60c3a987b6d0af
        • Instruction Fuzzy Hash: 788108312043419BC310DF268851BEB7BD4AF99714F144A2EF8D9A73D2DB38D849C76A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1146.MFC42(?,000000F1,?,75C63E40), ref: 004129FE
        • FindResourceA.KERNEL32(00000000,?,000000F1), ref: 00412A19
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1146FindResource
        • String ID:
        • API String ID: 2445269050-0
        • Opcode ID: b8f13c08bba0a10ae45269dd9b5ca3d55156f1fc17a7359007acff283fc02bb1
        • Instruction ID: 9f9dd393ad86eddf9874923014d0270925be10493dfa3e23ceb1e05e69bb8b86
        • Opcode Fuzzy Hash: b8f13c08bba0a10ae45269dd9b5ca3d55156f1fc17a7359007acff283fc02bb1
        • Instruction Fuzzy Hash: A241C2B5104701ABC714EF25DD85AFBB7A9FB88704F10492EF456C3640DB78E88A8B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 10010108
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
        • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
        • TerminateProcess.KERNEL32(00000000), ref: 1001014B
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 3369434319-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: 3dd05fdeb98c840c3ac9c3c292ea311adfb4bbb0d0e4fad1bae5c61b1b3eb1b5
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: 3521DDB8902A24DFF701DF65CDC56443BB6FB1C344F52801AE5088B26AE7B1E980CF09
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID:
        • String ID: [RO] %ld bytes
        • API String ID: 0-772938740
        • Opcode ID: 8f0635cd9ab257fb411c857ac07a9750c9ded6c5cd7f79997f9a8f9f4608f4e8
        • Instruction ID: 7322f5e5fa6b3b035b878dfe40991121234928e9520a60201d928a8209d78fd8
        • Opcode Fuzzy Hash: 8f0635cd9ab257fb411c857ac07a9750c9ded6c5cd7f79997f9a8f9f4608f4e8
        • Instruction Fuzzy Hash: 312227B4A00B06CFDB64CF69C584A9ABBF1FF48344F20896DD85A97759D730E981CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10005809
        • ExitWindowsEx.USER32(?,00000000), ref: 100059F9
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ExchangeExitInterlockedWindows
        • String ID:
        • API String ID: 1543309128-0
        • Opcode ID: a3083d37ad37cc6b66fb216004716209a6c85477102b363bb14ba9b111caafcf
        • Instruction ID: e1ee78ba3e4ffb03c5e6a66d01acadce76c954ec158e6bdd089fc7101dc522f3
        • Opcode Fuzzy Hash: a3083d37ad37cc6b66fb216004716209a6c85477102b363bb14ba9b111caafcf
        • Instruction Fuzzy Hash: BD51FA36214A4587D260EF18E4114BBF36AFBD83A3BC0437BEC4943A89DF227465D6E1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42(0041E8F0,?,00000000), ref: 00403F07
        • #1779.MFC42(000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F23
        • #1779.MFC42(000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F31
        • #1779.MFC42(000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F3F
        • #289.MFC42(?,000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F49
        • #537.MFC42 ref: 00403F5F
        • GetTextExtentPoint32A.GDI32(000003FD,?,?,?), ref: 00403F77
        • #800.MFC42 ref: 00403F81
        • #860.MFC42(?), ref: 00403FDB
        • #860.MFC42(0041E8F0,?), ref: 00403FEB
        • #3092.MFC42(000003F9,0041E8F0,?), ref: 00403FF7
        • #4123.MFC42(000003F9,0041E8F0,?), ref: 00403FFE
        • #3092.MFC42(000003F9,00000000,000003F9,0041E8F0,?), ref: 00404010
        • #2642.MFC42(000003F9,00000000,000003F9,0041E8F0,?), ref: 00404017
        • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404032
        • SendMessageA.USER32(?,00000143,00000000,Image), ref: 00404047
        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404058
        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040406A
        • #1779.MFC42(000003FC,00000001), ref: 00404075
        • #3092.MFC42(000003FB,000003FC,00000001), ref: 00404081
        • #4123.MFC42(000003FB,000003FC,00000001), ref: 00404088
        • #3092.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 0040409A
        • #2642.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 004040A1
        • #3092.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004040AD
        • #4123.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004040B4
        • #3092.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004040C6
        • #2642.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004040CD
        • #3092.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040D9
        • #4123.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040E0
        • #3092.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040F2
        • #2642.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040F9
        • #3092.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404105
        • #4123.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 0040410C
        • #3092.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404122
        • #2642.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404129
        • #860.MFC42(?), ref: 0040413D
        • #3092.MFC42(000003F9,?), ref: 00404149
        • #4123.MFC42(000003F9,?), ref: 00404150
        • #3092.MFC42(000003F9,00000001,000003F9,?), ref: 00404162
        • #2642.MFC42(000003F9,00000001,000003F9,?), ref: 00404169
        • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404184
        • SendMessageA.USER32(?,00000143,00000000,Text), ref: 00404199
        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004041AA
        • SendMessageA.USER32(?,00000143,00000000,Numeric), ref: 004041BF
        • SendMessageA.USER32(?,00000151,00000000,00000008), ref: 004041D0
        • SendMessageA.USER32(?,00000143,00000000,Valute), ref: 004041E5
        • SendMessageA.USER32(?,00000151,00000000,00000010), ref: 004041F6
        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040423E
        • #860.MFC42(Edit), ref: 00404268
        • #3092.MFC42(000003FC), ref: 00404274
        • #4123.MFC42(000003FC), ref: 0040427B
        • #3092.MFC42(000003FC,00000001,000003FC), ref: 0040428D
        • #2642.MFC42(000003FC,00000001,000003FC), ref: 00404294
        • #3092.MFC42(000003FB,000003FC), ref: 004042A0
        • #4123.MFC42(000003FB,000003FC), ref: 004042A7
        • #613.MFC42(000003FD,00000001,000003FA,000003FD,000003FB,000003FC), ref: 0040435A
        • #6334.MFC42(00000000,0041E8F0,?,00000000), ref: 00404365
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3092$MessageSend$#4123$#2642$#860$#1779$#289#537#613#6334#800ExtentPoint32Text
        • String ID: AbCdEfGhIj MnOpQrStUvWxYz$Drop down list$Drop list$Edit$Image$Numeric$Text$Valute
        • API String ID: 285005041-2212831474
        • Opcode ID: 8934bc6bbe0fa0a6096075f66ae0a1692b1eea90771ffee815efb275327422ec
        • Instruction ID: 39fd9fe3a332895facbb5041ab076138fb4710014454dede51c1c4bb095e820a
        • Opcode Fuzzy Hash: 8934bc6bbe0fa0a6096075f66ae0a1692b1eea90771ffee815efb275327422ec
        • Instruction Fuzzy Hash: 3BB194707C0705B7DA15B6758C53FEF629AABC4B08F10442EB7966F2C1DEACA981834D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800$#1168#3521$#2818#540$#823#825
        • String ID: ColDef_align_%d$ColDef_descr_%d$ColDef_dwdata_%d$ColDef_id_%d$ColDef_image_%d$ColDef_text_%d$ColDef_textdt_%d$ColDef_width_%d$DefColId %d$DefNum$GfxLists\%s$NumDef
        • API String ID: 1075447880-987619563
        • Opcode ID: cfaf7c08f7831fb750f12e19b72b3a67a14b89d8f55f58651e4972c85e170cb4
        • Instruction ID: 7d5c9dde53b6fb8f7376ba9dac019bff753d84439bb021144b4858278af3f2b1
        • Opcode Fuzzy Hash: cfaf7c08f7831fb750f12e19b72b3a67a14b89d8f55f58651e4972c85e170cb4
        • Instruction Fuzzy Hash: E7D196B56043419FC314EF66C885E5BB3E5AFD8718F00891DF85947392DB38E88ACB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00402AE1
        • #540.MFC42 ref: 00402AF0
        • #2818.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402B09
        • #1168.MFC42 ref: 00402B11
        • #6402.MFC42(?,NumDef,?), ref: 00402B29
        • #2818.MFC42(00000000,DefColId %d,00000000,?,NumDef,?), ref: 00402B42
        • #1168.MFC42(?,NumDef,?), ref: 00402B4A
        • #6402.MFC42(?,?,?,?,NumDef,?), ref: 00402B65
        • #1168.MFC42(?,NumDef,?), ref: 00402B72
        • #6402.MFC42(?,DefNum,?,?,NumDef,?), ref: 00402B8A
        • #2818.MFC42(?,ColDef_id_%d,00000000,?,?,DefNum,?,?,NumDef,?), ref: 00402BA8
        • #1168.MFC42(?,NumDef,?), ref: 00402BB0
        • #6402.MFC42(?,?,?,?,NumDef,?), ref: 00402BCC
        • #2818.MFC42(?,ColDef_align_%d,00000000,?,?,?,?,NumDef,?), ref: 00402BDC
        • #1168.MFC42(?,?,?,?,NumDef,?), ref: 00402BE4
        • #6402.MFC42(?,?,?,?,?,?,?,NumDef,?), ref: 00402C00
        • #2818.MFC42(?,ColDef_width_%d,00000000,?,?,?,?,?,?,?,NumDef,?), ref: 00402C10
        • #1168.MFC42(?,?,?,?,?,?,?,NumDef,?), ref: 00402C18
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C34
        • #2818.MFC42(?,ColDef_image_%d,00000000,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C44
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C4C
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C68
        • #2818.MFC42(?,ColDef_dwdata_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402C78
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C80
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402C9C
        • #2818.MFC42(?,ColDef_text_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CAC
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CC6
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CDB
        • #2818.MFC42(?,ColDef_textdt_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CEB
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D05
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D1A
        • #2818.MFC42(?,ColDef_descr_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D2A
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D44
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D59
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402D77
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402D88
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1168$#2818$#6402$#6403$#540#800
        • String ID: ColDef_align_%d$ColDef_descr_%d$ColDef_dwdata_%d$ColDef_id_%d$ColDef_image_%d$ColDef_text_%d$ColDef_textdt_%d$ColDef_width_%d$DefColId %d$DefNum$GfxLists\%s$NumDef
        • API String ID: 3223794608-987619563
        • Opcode ID: b21316a51268c7347b62c2b8e1f205a039cf426ad8cd0ac8d612c1b753fbb837
        • Instruction ID: 2462b9f26de250466d4c50a8025270bf5cb1097192f8165e5ac676531e417bd2
        • Opcode Fuzzy Hash: b21316a51268c7347b62c2b8e1f205a039cf426ad8cd0ac8d612c1b753fbb837
        • Instruction Fuzzy Hash: 1A8185B56043019FC714EF66D885D9BB3E5EFC8708F10891EF95987381DA38EC468B6A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #323.MFC42 ref: 00404AE5
        • #1640.MFC42(?), ref: 00404B02
        • CopyRect.USER32(?,?), ref: 00404B14
        • #5736.MFC42 ref: 00404B1E
        • CreateRectRgnIndirect.GDI32(?), ref: 00404B40
        • #1641.MFC42(00000000), ref: 00404B4B
        • #5786.MFC42(00418EF8,00000000), ref: 00404B59
        • #2414.MFC42(00418EF8,00000000), ref: 00404B62
        • GetSysColor.USER32(0000000F), ref: 00404B69
        • #2754.MFC42(?,00000000), ref: 00404B79
        • GetTextExtentPoint32A.GDI32(?,0041E4C4,00000001,?), ref: 00404B8F
        • SendMessageA.USER32(?,00001203,?,?), ref: 00404BCC
        • #537.MFC42(0041E8F4), ref: 00404C32
        • #5710.MFC42(?,00000001,0041E8F4), ref: 00404C55
        • #800.MFC42(?,?,00000001,0041E8F4), ref: 00404C95
        • atoi.MSVCRT ref: 00404CAB
        • ImageList_GetImageInfo.COMCTL32(?,00000000,?), ref: 00404CC6
        • CopyRect.USER32(?,?), ref: 00404CE1
        • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000001), ref: 00404D4E
        • CopyRect.USER32(?,?), ref: 00404D89
        • GetSysColor.USER32(00000014), ref: 00404D97
        • #472.MFC42(00000000,00000001,00000000), ref: 00404DA2
        • GetSysColor.USER32(00000010), ref: 00404DB1
        • #472.MFC42(00000000,00000001,00000000), ref: 00404DBC
        • #5788.MFC42(00008924,00000000,00000001,00000000), ref: 00404DD2
        • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 00404DFD
        • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E1C
        • #4133.MFC42(?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E40
        • #4297.MFC42(?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E5E
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E6C
        • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 00404EF4
        • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F10
        • #4297.MFC42(?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F30
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F3E
        • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F58
        • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001), ref: 00404F69
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404F77
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404F91
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404FAE
        • GetStockObject.GDI32(00000000), ref: 00404FD5
        • #2860.MFC42(00000000), ref: 00404FDC
        • SelectObject.GDI32(?,?), ref: 00404FF6
        • CopyRect.USER32(?,?), ref: 00405004
        • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0040502C
        • SelectObject.GDI32(?,00000000), ref: 0040503C
        • #5678.MFC42(?,0041E8F4), ref: 00405047
        • #2450.MFC42(?,0041E8F4), ref: 00405050
        • #800.MFC42(?,0041E8F4), ref: 00405061
        • #2414.MFC42(?,0041E8F4), ref: 0040507A
        • #640.MFC42(?,0041E8F4), ref: 00405096
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #4133Rect$#2414#4297#5788Copy$ColorImageObject$#472#800List_Select$#1640#1641#2450#2754#2860#323#537#5678#5710#5736#5786#640CreateDrawExtentIndirectInfoMessagePoint32SendStockTextatoi
        • String ID:
        • API String ID: 412523226-0
        • Opcode ID: bc0113e2abf1fc6b0eebd09490625daf28f311cb1523731e2a29a657ca89ff17
        • Instruction ID: 039a790d01d9a3f6ed46229a5f86c2c09cdd15c3c79520a1596a1775aaf635d3
        • Opcode Fuzzy Hash: bc0113e2abf1fc6b0eebd09490625daf28f311cb1523731e2a29a657ca89ff17
        • Instruction Fuzzy Hash: 6D026A71208341AFD714DF68C984EABBBE9FBC8704F048A1EF59593290DB74E909CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 004052BC
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405301
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405331
        • GetClientRect.USER32(?,?), ref: 00405350
        • InvalidateRect.USER32(?,?,00000001), ref: 00405360
        • #289.MFC42 ref: 0040536B
        • #283.MFC42(000000FF), ref: 00405384
        • #5788.MFC42(?,000000FF), ref: 0040539A
        • #472.MFC42(00000000,00000001,000000FF,?,000000FF), ref: 004053AE
        • #5788.MFC42(?,00000000,00000001,000000FF,?,000000FF), ref: 004053C4
        • Polygon.GDI32(?,?,00000003), ref: 00405405
        • #5788.MFC42(00000000), ref: 00405429
        • #5788.MFC42(?,00000000), ref: 00405437
        • #2414.MFC42(?,00000000), ref: 00405451
        • #2414.MFC42(?,00000000), ref: 0040546F
        • #613.MFC42(?,00000000), ref: 00405487
        • GetParent.USER32(?), ref: 0040549D
        • #2864.MFC42(00000000), ref: 004054A0
        • #289.MFC42(00000000,00000000), ref: 004054AA
        • ClientToScreen.USER32(?,?), ref: 004054D2
        • GetParent.USER32(?), ref: 004054DC
        • #2864.MFC42(00000000), ref: 004054DF
        • ScreenToClient.USER32(?,?), ref: 004054ED
        • IsRectEmpty.USER32 ref: 00405564
        • #2571.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 0040558F
        • #613.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 004055BE
        • SetCapture.USER32(?), ref: 004055E5
        • #2864.MFC42(00000000), ref: 004055EC
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405604
        • #823.MFC42 ref: 00405610
        • SendMessageA.USER32 ref: 00405638
        • SendMessageA.USER32(?,00001204,00000000,?), ref: 00405674
        • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 0040568A
        • InvalidateRect.USER32(?,00000000,00000001,?), ref: 004056A3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageRectSend$#5788$#2864Client$#2414#289#613InvalidateParentScreen$#2379#2571#283#472#823CaptureEmptyPolygon
        • String ID:
        • API String ID: 1922829686-0
        • Opcode ID: 4a6f40e4aa702489a68b085a0504b3d59237b84a2a18cdf0e9c50b9a173c424d
        • Instruction ID: 82df2853a0fb180429eb182a71e8357b81a832085c108d44d6679048a24b17b2
        • Opcode Fuzzy Hash: 4a6f40e4aa702489a68b085a0504b3d59237b84a2a18cdf0e9c50b9a173c424d
        • Instruction Fuzzy Hash: 4AC17A71604B459FD324DF69C885BABBBE4FF88304F008A2DB59A83391DB74A805CF56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetClientRect.USER32(?,?), ref: 00406287
        • GetParent.USER32(?), ref: 00406291
        • #2864.MFC42(00000000), ref: 00406298
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 004062AD
        • #2860.MFC42(00000000), ref: 004062B0
        • #289.MFC42(?,00000000), ref: 004062C0
        • #5788.MFC42 ref: 004062D2
        • #537.MFC42(0041E4C8), ref: 004062E2
        • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 004062FA
        • #800.MFC42 ref: 00406304
        • #5788.MFC42(00000000), ref: 00406315
        • SetRect.USER32(?,?,?,?,00000064), ref: 00406354
        • #613.MFC42 ref: 00406366
        • PtInRect.USER32(?,?,?), ref: 0040639D
        • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 004063C9
        • #6605.MFC42(?), ref: 004063DB
        • GetParent.USER32(?), ref: 004063EA
        • #2864.MFC42(00000000), ref: 004063ED
        • #6880.MFC42(?,00000000), ref: 004063F9
        • GetParent.USER32(?), ref: 00406402
        • #2864.MFC42(00000000), ref: 00406405
        • #3089.MFC42(00000000), ref: 0040640E
        • #2099.MFC42(50A00002,?,00000000,-00000002,00000000), ref: 00406424
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 0040644E
        • SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 00406469
        • #6197.MFC42(6D0EA098,00000000,00000000,?,?,00000002), ref: 00406496
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004064B2
        • #540.MFC42 ref: 004064B8
        • #3874.MFC42(?), ref: 004064E1
        • SendMessageA.USER32(?,000001A2,000000FF,?), ref: 004064F9
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 0040650A
        • #5981.MFC42 ref: 0040650E
        • #800.MFC42 ref: 0040651F
        • #2379.MFC42 ref: 00406545
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$Send$#2864ParentRect$#5788#800$#2099#2379#2860#289#3089#3874#537#540#5981#613#6197#6605#6880ClientExtentPoint32PostText
        • String ID:
        • API String ID: 1027999965-0
        • Opcode ID: 313321117aebee223969b496d5ebba19a55e489b701f427e37adae4f4a9be89a
        • Instruction ID: 7cbf6be3131d2d9ecf6352c379953d8a8d3df86d32612ec5467f061301b8da4e
        • Opcode Fuzzy Hash: 313321117aebee223969b496d5ebba19a55e489b701f427e37adae4f4a9be89a
        • Instruction Fuzzy Hash: 5D919C72204700AFD624DB65CD81FABB3E9EBC8B04F004A1DB5969B3C1DB78E805CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800$#1168Global$#1669#2652#2864#3157#3286#4294#5981#858#941AllocFocusFreeInvalidateMessageRectSend
        • String ID: DESC
        • API String ID: 3098961414-461850341
        • Opcode ID: 9fc9eee4e1c60844eda0d9a80670611ff6bb75f38e61ee648d43a4148bf46867
        • Instruction ID: 82293ead447ef0fa43aef4f343148aa742e70ef23db83f72eaefa16cffdeaec8
        • Opcode Fuzzy Hash: 9fc9eee4e1c60844eda0d9a80670611ff6bb75f38e61ee648d43a4148bf46867
        • Instruction Fuzzy Hash: 5481D2302047819BD324EB75C851BEBBBE4AFD5308F00482EF59A577D2DB78A849C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004037AB
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004037C7
        • #3092.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004037D8
        • #4123.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004037DF
        • #3092.MFC42(000003F3,00000001,000003F3,?,00000000,00403425,00000001), ref: 004037F1
        • #2642.MFC42(000003F3,00000001,000003F3,?,00000000,00403425,00000001), ref: 004037F8
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403813
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403827
        • #3092.MFC42(000003F5,00000000,00403425,00000001), ref: 00403836
        • #4123.MFC42(000003F5,00000000,00403425,00000001), ref: 0040383D
        • #3092.MFC42(000003F5,00000000,000003F5,00000000,00403425,00000001), ref: 0040384E
        • #2642.MFC42(000003F5,00000000,000003F5,00000000,00403425,00000001), ref: 00403855
        • #3092.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403863
        • #4123.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040386A
        • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040387C
        • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403883
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040389D
        • #3092.MFC42(000003F4,?,00000000,00403425,00000001), ref: 004038AA
        • #4123.MFC42(000003F4,?,00000000,00403425,00000001), ref: 004038B1
        • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 004038CC
        • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 004038D3
        • #3092.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004038E9
        • #4123.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004038F0
        • #3092.MFC42(000003F3,00000000,000003F3,?,00000000,00403425,00000001), ref: 00403902
        • #2642.MFC42(000003F3,00000000,000003F3,?,00000000,00403425,00000001), ref: 00403909
        • #3092.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040391A
        • #4123.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403921
        • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403933
        • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040393A
        • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403946
        • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040394D
        • #3092.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040395F
        • #2642.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403966
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3092$#4123$#2642$MessageSend
        • String ID:
        • API String ID: 3525747040-0
        • Opcode ID: 35fde5e54a4ff82f5fbc2139ecfb3dae29db83457f47ebb12d677ebae8b7e11a
        • Instruction ID: 17f5285e64e12323a33fd4f0a7c7dbe1b8949c21e6d85a8237c4c60d142ee7ee
        • Opcode Fuzzy Hash: 35fde5e54a4ff82f5fbc2139ecfb3dae29db83457f47ebb12d677ebae8b7e11a
        • Instruction Fuzzy Hash: 24410D31BC0B4272ED1636760D26BBF158E5BC1B19F11043EB742AF2C1EDACAB81428D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4837.MFC42(?,?,?), ref: 0040ECAB
        • GetFocus.USER32 ref: 0040ECFB
        • #2864.MFC42(00000000), ref: 0040ED02
        • #5981.MFC42(00000000), ref: 0040ED0D
        • GetMessagePos.USER32 ref: 0040ED39
        • #3092.MFC42(00000000), ref: 0040ED5C
        • ScreenToClient.USER32(?,?), ref: 0040ED6C
        • SendMessageA.USER32(?,00001207,00000000,?), ref: 0040ED93
        • PtInRect.USER32(?,?,?), ref: 0040EDA8
        • SendMessageA.USER32(?,00001207,00000001,?), ref: 0040EDC2
        • CreatePopupMenu.USER32 ref: 0040EDE4
        • #1644.MFC42(00000000), ref: 0040EDEF
        • AppendMenuA.USER32(?,00000000,00008023,Sort ascending), ref: 0040EE0B
        • AppendMenuA.USER32(?,00000000,00008024,Sort descending), ref: 0040EE1E
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 0040EE2E
        • AppendMenuA.USER32(?,00000000,00008022,Customize header), ref: 0040EE41
        • AppendMenuA.USER32(?,00000000,00008021,Header format), ref: 0040EE54
        • #6270.MFC42(00000002,?,?,?,00000000,?,?,?,00000081), ref: 0040EE94
        • #2438.MFC42(00000002,?,?,?,00000000,?,?,?,00000081), ref: 0040EE9D
        • GetClientRect.USER32(?,?), ref: 0040EED7
        • GetMessagePos.USER32 ref: 0040EEDD
        • ScreenToClient.USER32(?,?), ref: 0040EEFD
        • InvalidateRect.USER32(?,?,00000001), ref: 0040EF16
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Menu$Append$Message$ClientRect$ScreenSend$#1644#2438#2864#3092#4837#5981#6270CreateFocusInvalidatePopup
        • String ID: Customize header$Header format$Sort ascending$Sort descending
        • API String ID: 3140647289-3541644344
        • Opcode ID: 3ab752fe8da68388f122791de50860eb8ce432f3ad47a37ce578f96632b7ae86
        • Instruction ID: b096fa76e7861574b6a60656225eaf612cc80b02b7834a888e6a8a651076e704
        • Opcode Fuzzy Hash: 3ab752fe8da68388f122791de50860eb8ce432f3ad47a37ce578f96632b7ae86
        • Instruction Fuzzy Hash: 97817F71204301ABD224DF25CC85FABB7A8FFC4714F508A2EB595972D0DB78E845CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #567.MFC42 ref: 00409382
          • Part of subcall function 00404940: #567.MFC42 ref: 00404943
        • #540.MFC42 ref: 0040940B
        • #384.MFC42 ref: 0040943B
          • Part of subcall function 00411870: #567.MFC42(?,?,00000000), ref: 00411891
          • Part of subcall function 00411870: #1168.MFC42(?,?,00000000), ref: 004118A2
          • Part of subcall function 00411870: GetClassInfoA.USER32(?,ZGfxListTip,?), ref: 004118B5
          • Part of subcall function 00411870: LoadCursorA.USER32 ref: 004118E7
          • Part of subcall function 00411870: #1232.MFC42(?,?,?,?,?,?,?,00007F00), ref: 0041190A
          • Part of subcall function 00411870: #1270.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00411913
        • GetSysColor.USER32(00000008), ref: 00409497
        • GetSysColor.USER32(00000005), ref: 004094A1
        • GetSysColor.USER32(00000005), ref: 004094AB
        • GetSysColor.USER32(0000000D), ref: 004094B5
        • GetSysColor.USER32(00000003), ref: 004094BF
        • GetSysColor.USER32(0000000F), ref: 004094C9
        • #823.MFC42(00000008), ref: 004094D9
        • #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
        • #823.MFC42(00000008), ref: 0040950E
        • #472.MFC42(00000000,00000001,00808080), ref: 0040952D
        • GetStockObject.GDI32(00000011), ref: 00409549
        • #2860.MFC42(00000000), ref: 00409550
        • GetObjectA.GDI32(?,0000003C,?), ref: 00409560
        • CreateFontIndirectA.GDI32(?), ref: 00409571
        • #1641.MFC42(00000000), ref: 00409576
        • CreateFontIndirectA.GDI32(?), ref: 00409588
        • #1641.MFC42(00000000), ref: 00409591
        • CreateFontIndirectA.GDI32(?), ref: 004095A4
        • #1641.MFC42(00000000), ref: 004095AD
        • CreateFontIndirectA.GDI32(?), ref: 004095C0
        • #1641.MFC42(00000000), ref: 004095C9
        • #860.MFC42 ref: 0040966F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Color$#1641CreateFontIndirect$#567$#472#823Object$#1168#1232#1270#2860#384#540#860ClassCursorInfoLoadStock
        • String ID: TA$Gfx list Control
        • API String ID: 541820374-2214082147
        • Opcode ID: af20fa995b7baad3c8914a666c68df949465ddab30d84b08863d306391cf4324
        • Instruction ID: 53d1cc0488371fdabd15697a8799b67ef86157bc58f1a4fdb1e14418e0406ef9
        • Opcode Fuzzy Hash: af20fa995b7baad3c8914a666c68df949465ddab30d84b08863d306391cf4324
        • Instruction Fuzzy Hash: 8F91F7B0904B409ED361DF3AC8857DBFBE0BB99304F40492EE4AE87281DBB86544CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C87D
        • #3293.MFC42(00000000,?,00000000), ref: 0040C898
        • #470.MFC42 ref: 0040C8BD
        • #2971.MFC42(?), ref: 0040C8D6
        • IsRectEmpty.USER32(?), ref: 0040C8E0
        • InvalidateRect.USER32(?,?,00000000), ref: 0040C912
        • #755.MFC42 ref: 0040C927
        • #3021.MFC42 ref: 0040C92C
        • GetClientRect.USER32(?,?), ref: 0040C95F
        • #3092.MFC42(00000000), ref: 0040C965
        • GetClientRect.USER32(?,?), ref: 0040C973
        • #289.MFC42 ref: 0040C99B
        • GetSysColor.USER32(00000011), ref: 0040C9AD
        • #6172.MFC42(00000000), ref: 0040C9B8
        • #5875.MFC42(00000001,00000000), ref: 0040C9C5
        • #5788.MFC42(?,00000001,00000000), ref: 0040C9D7
        • #2754.MFC42(?,?,?,00000001,00000000), ref: 0040C9EE
        • #537.MFC42(Nessun elemento presente nella lista,?,?,?,00000001,00000000), ref: 0040C9FC
        • #800.MFC42 ref: 0040CA2E
        • #5788.MFC42(00000000), ref: 0040CA38
        • #5875.MFC42(00000000,00000000), ref: 0040CA42
        • #6172.MFC42(00000000,00000000,00000000), ref: 0040CA4C
        • EnableScrollBar.USER32(?,00000000,00000003), ref: 0040CA65
        • #613.MFC42(00000000,00000000), ref: 0040CA7A
        • #3293.MFC42(00000000,?,00000000), ref: 0040CA97
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040CABE
        Strings
        • Nessun elemento presente nella lista, xrefs: 0040C9F3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Rect$#3293#5788#5875#6172ClientEnableScroll$#2754#289#2971#3021#3092#470#537#613#755#800ColorEmptyInvalidateMessageSend
        • String ID: Nessun elemento presente nella lista
        • API String ID: 3469473975-42175248
        • Opcode ID: 3365020d22fe36770b1a28325fbe90796fa1979fb335794ddb9609467bcc4419
        • Instruction ID: 9d4b62dbb3eb15a24ffef9cc9b18b3bf9f5c6e1370cac318d9e9737f810eb455
        • Opcode Fuzzy Hash: 3365020d22fe36770b1a28325fbe90796fa1979fb335794ddb9609467bcc4419
        • Instruction Fuzzy Hash: D2716771204705AFD318DB24C895FEBB3E4FB88708F008A1DF59A972C1EB78A945CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1168.MFC42 ref: 0040BF85
        • #1669.MFC42 ref: 0040BF8D
        • #540.MFC42 ref: 0040C006
        • #540.MFC42 ref: 0040C014
        • #540.MFC42 ref: 0040C022
        • #540.MFC42 ref: 0040C030
        • #540.MFC42 ref: 0040C03E
        • #540.MFC42 ref: 0040C04C
        • #540.MFC42 ref: 0040C05A
        • #3157.MFC42(?,?,00000001), ref: 0040C076
        • #858.MFC42(?,?,?,00000001), ref: 0040C089
        • #941.MFC42( DESC,?,?,?,00000001), ref: 0040C0A0
        • #4294.MFC42 ref: 0040C0B6
        • InvalidateRect.USER32(?,00000000,00000001), ref: 0040C0C3
        • #800.MFC42 ref: 0040C0E2
        • #800.MFC42 ref: 0040C0F0
        • #800.MFC42 ref: 0040C0FE
        • #800.MFC42 ref: 0040C10C
        • #800.MFC42 ref: 0040C11A
        • #800.MFC42 ref: 0040C128
        • #800.MFC42 ref: 0040C136
          • Part of subcall function 00401860: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401879
          • Part of subcall function 00401860: SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401888
          • Part of subcall function 00401860: #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018A2
          • Part of subcall function 00401860: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018BD
          • Part of subcall function 00401860: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401904
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040C248
        • SendMessageA.USER32(?,00001013,00000000,00000000), ref: 0040C25A
        • #1168.MFC42 ref: 0040C264
        • #2652.MFC42 ref: 0040C26C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800$MessageSend$#1168$#1669#2652#3157#3998#4294#6007#858#941InvalidateRect
        • String ID: DESC
        • API String ID: 3819644337-461850341
        • Opcode ID: 46f9dab6e9bbb5a1addd25dce834875368a553045fcf73aa664a565f92a008d0
        • Instruction ID: c1cc99a47b6fc472182f82ee14ee6a7d1160405c2233eb0f3408a514e61dfe21
        • Opcode Fuzzy Hash: 46f9dab6e9bbb5a1addd25dce834875368a553045fcf73aa664a565f92a008d0
        • Instruction Fuzzy Hash: FF91B2302047419BD718EF66C851BABB7E5BFC5304F044A2DF996573C2DB38A845CBAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#1641CreateFontIndirect$#3908#537#800CapsDeviceExtentPoint32Text$#2243MessageObjectRectSend
        • String ID: Arial
        • API String ID: 4053870105-493054409
        • Opcode ID: 3c0825fd577ed6937d654c82a1f424b82f65897435ebce485725d1de76577f86
        • Instruction ID: dac70bb6652b2dae7423e70c659d0cafb90daaadfd546fffdeb6463f3bbc922b
        • Opcode Fuzzy Hash: 3c0825fd577ed6937d654c82a1f424b82f65897435ebce485725d1de76577f86
        • Instruction Fuzzy Hash: E9917674204605EFC724DF65C884EEAB7E9BF88304F108A1DF9498B291DB34EA45CF95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$MessageSend$#5788ClientRect$#2379#2860#3874#4299#540#562#5981#6605#6880#800#816ExtentPoint32StateText
        • String ID:
        • API String ID: 854166642-0
        • Opcode ID: f94e05b1174271f834907c53a2a87a1902047347a69bb4efb7eefa74225fcbd9
        • Instruction ID: f12c74dc217e1773ef65b4ac58853315ae5ca3eb34203df8b85d6e6aeda21753
        • Opcode Fuzzy Hash: f94e05b1174271f834907c53a2a87a1902047347a69bb4efb7eefa74225fcbd9
        • Instruction Fuzzy Hash: 4861DE762047409FC714EBA5C985EAFB7E9FBC8714F008A2EF58583281DB78E841CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401C5E
        • GlobalAlloc.KERNEL32(00000040,00000004), ref: 00401C6A
        • #823.MFC42(?), ref: 00401C8F
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401CCC
        • GlobalAlloc.KERNEL32(00000040,00000004), ref: 00401CDF
        • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 00401D4E
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?), ref: 00401D68
        • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 00401DCA
        • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 00401DDE
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00401E14
        • #6907.MFC42(00000000,00000000,?), ref: 00401E29
        • #3293.MFC42(00000000,?,00000000,00000000,00000000,?), ref: 00401E38
        • InvalidateRect.USER32(?,?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00401E48
        • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 00401E68
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 00401E85
        • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 00401E9F
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00401ED5
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401EEA
        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401F02
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401F1E
        • #3293.MFC42(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000), ref: 00401F2D
        • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000), ref: 00401F3D
        • #800.MFC42 ref: 00401F4F
        • #825.MFC42(?,?,?,?,?,?,?,?), ref: 00401F83
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocGlobal$#6007MessageSend$#2818#3293#3998#540InvalidateRect$#6907#800#823#825
        • String ID: Categoria: %s (%d element%c)
        • API String ID: 700626880-3571718097
        • Opcode ID: eabe19a968aec875cdd2895809b80f2db1abffd81a4ffeb828a50b9e46b461d0
        • Instruction ID: 7f54d0389154129595d08d4b7432f0e7d08937092b88ea56da46f5425459b6ac
        • Opcode Fuzzy Hash: eabe19a968aec875cdd2895809b80f2db1abffd81a4ffeb828a50b9e46b461d0
        • Instruction Fuzzy Hash: 63B16CB4244701AFE224CF14CC81F6BB7E5EB88714F108A2DF6969B3D1D774E8468B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800$#1168$#1669#2652#2864#3157#4294#5981#858FocusInvalidateRect
        • String ID:
        • API String ID: 1251853744-0
        • Opcode ID: a43c69addfd2cdae9c238fe8543b46bd51e631112be96eff152d4898a0b82412
        • Instruction ID: 3577c716a8a40f0af3f31a509f4da41889e471636f39d5e28eb516911a94ecf3
        • Opcode Fuzzy Hash: a43c69addfd2cdae9c238fe8543b46bd51e631112be96eff152d4898a0b82412
        • Instruction Fuzzy Hash: A581C2302047819BD324EB75C851BEBBBD4AFD5308F00482EF596577D2DB78A849C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2414.MFC42 ref: 004101DE
        • #2414.MFC42 ref: 004101F3
        • #1168.MFC42 ref: 004101F8
        • LoadImageA.USER32(?,?,00000000,00000000,00000000,00002000), ref: 00410214
        • #1641.MFC42(00000000), ref: 00410231
        • GetObjectA.GDI32(?,00000018,?), ref: 0041024A
        • #2408.MFC42 ref: 00410273
        • #2096.MFC42(?,?,00000010,00000001,00000000), ref: 0041028E
        • ImageList_Add.COMCTL32(?,?,00000000,?,?,00000010,00000001,00000000), ref: 004102A8
        • GetObjectA.GDI32(?,00000054,?), ref: 004102BC
        • #289.MFC42(00000000), ref: 004102DA
        • CreateHalftonePalette.GDI32(?), ref: 004102F7
        • #1641.MFC42(00000000), ref: 00410304
        • #823.MFC42(00000000), ref: 00410316
        • #323.MFC42 ref: 00410324
        • CreateCompatibleDC.GDI32(?), ref: 00410340
        • #1640.MFC42(00000000), ref: 0041034B
        • #5785.MFC42(?,?,00000000), ref: 0041035D
        • GetDIBColorTable.GDI32(?,00000000,?,00000000,?,?,00000000), ref: 00410375
        • #823.MFC42(00000000), ref: 00410383
        • CreatePalette.GDI32(00000000), ref: 004103C0
        • #1641.MFC42(00000000), ref: 004103CD
        • #825.MFC42(00000000,00000000), ref: 004103D3
        • #825.MFC42(00000000,00000000,00000000), ref: 004103D9
        • #640.MFC42 ref: 004103ED
        • InvalidateRect.USER32(?,00000000,00000001), ref: 004103FA
        • #613.MFC42 ref: 0041040F
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1641Create$#2414#823#825ImageObjectPalette$#1168#1640#2096#2408#289#323#5785#613#640ColorCompatibleHalftoneInvalidateList_LoadRectTable
        • String ID:
        • API String ID: 1329931383-0
        • Opcode ID: dc722f1a0012b8bd86470215f29ccf7f638eb1e8d95f030c16b86b23e0f09e50
        • Instruction ID: 83db23f6c95506ed2866b3d15723d278ee382e109672e354415f5b404e91587e
        • Opcode Fuzzy Hash: dc722f1a0012b8bd86470215f29ccf7f638eb1e8d95f030c16b86b23e0f09e50
        • Instruction Fuzzy Hash: 2861E071244745AFD724DB60CC85FEBB7A8BF85708F00451DF89997281DBB8E888CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040D037
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
          • Part of subcall function 0040DA60: #3293.MFC42(00000000,?,00000000,75BF3EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
          • Part of subcall function 0040DA60: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
          • Part of subcall function 0040DA60: GetClientRect.USER32(?,?), ref: 0040DAF3
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D065
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040D08E
        • #3293.MFC42(?,?,00000000), ref: 0040D0B0
        • GetClientRect.USER32(?,?), ref: 0040D0DA
        • SendMessageA.USER32 ref: 0040D0FA
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D13A
        • #3286.MFC42(?), ref: 0040D157
        • #540.MFC42(?), ref: 0040D164
        • #823.MFC42(00000054), ref: 0040D189
        • #535.MFC42(?,?,?), ref: 0040D1B5
        • #2111.MFC42(?,?,?,00000068), ref: 0040D1E2
        • #540.MFC42(?,?,?,00000068), ref: 0040D1EB
        • #3089.MFC42(?,?,?,00000068), ref: 0040D238
        • SendMessageA.USER32(?,00000030,?,00000000), ref: 0040D315
        • SendMessageA.USER32(?,00000434,00000000,?), ref: 0040D34F
        • #6134.MFC42(00000000,000000FF,?,00000068), ref: 0040D357
        • #5937.MFC42(0000003C,00000000,000000FF,?,00000068), ref: 0040D366
        • #6136.MFC42(0000003C,0000003C,00000000,000000FF,?,00000068), ref: 0040D375
        • SendMessageA.USER32(?,00000437,00000000,?), ref: 0040D38A
        • #800.MFC42(?,?,?,00000068), ref: 0040D3A0
        • #800.MFC42(?,?,?,00000068), ref: 0040D3B4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#540#800Client$#2111#3089#3092#3286#535#5937#6134#6136#823
        • String ID: <
        • API String ID: 3875506128-4251816714
        • Opcode ID: 7148013d5230c4efe86183ce90d0bedf211a6f6e309a2e00c48074e0430547c5
        • Instruction ID: 3e3b0393a419632c5e36a4a5c74c9674df9c160c1db1b2e7ebbc74f75fa08636
        • Opcode Fuzzy Hash: 7148013d5230c4efe86183ce90d0bedf211a6f6e309a2e00c48074e0430547c5
        • Instruction Fuzzy Hash: CCB152716083459FD324DFA5C851FABB7E8BBC8704F004A2DB999A73C1D778E8058B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(0041E8F0), ref: 00413E38
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416E88,000000FF), ref: 00413E4D
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416E88,000000FF), ref: 00413E5D
        • #6883.MFC42(?,?,?), ref: 00413E6D
        • #537.MFC42(Provincia,?,?,?), ref: 00413E7B
        • #6883.MFC42(?,00000000,Provincia,?,?,?), ref: 00413E90
        • #800.MFC42(?,00000000,Provincia,?,?,?), ref: 00413E9D
        • #537.MFC42(Anas,?,00000000,Provincia,?,?,?), ref: 00413EAB
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EC0
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413ECD
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EDB
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EF0
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EFD
        • #540.MFC42 ref: 00413F35
        • #2818.MFC42(?,TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set), ref: 00413F48
        • #800.MFC42 ref: 00413F7F
        Strings
        • Provincia, xrefs: 00413E72
        • Comune, xrefs: 00413ED2
        • TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set, xrefs: 00413F3E
        • Anas, xrefs: 00413EA2
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6883#800$#537$#2818#540
        • String ID: Anas$Comune$Provincia$TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set
        • API String ID: 3485451498-1603090807
        • Opcode ID: b2f599e895f2fd9bb441bbbead2d4606f9802e557c184ce80597856937cc387c
        • Instruction ID: 837674c22dec5a00511febd99f2feb49d6c7c5c8d193570f9f5e8aed2ddc022a
        • Opcode Fuzzy Hash: b2f599e895f2fd9bb441bbbead2d4606f9802e557c184ce80597856937cc387c
        • Instruction Fuzzy Hash: 32619E756047009FC320DF15C581BAAB7E1FF88724F504A1EF49A87791C739E98ACB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040DC92
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
          • Part of subcall function 0040D000: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040D037
          • Part of subcall function 0040D000: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D065
          • Part of subcall function 0040D000: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040D08E
          • Part of subcall function 0040D000: #3293.MFC42(?,?,00000000), ref: 0040D0B0
          • Part of subcall function 0040D000: GetClientRect.USER32(?,?), ref: 0040D0DA
          • Part of subcall function 0040D000: SendMessageA.USER32 ref: 0040D0FA
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040DD0C
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040DD7A
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040DD8E
        • #6905.MFC42(?,00000003,00000003), ref: 0040DDA2
        • #3286.MFC42(?,?,00000003,00000003), ref: 0040DDB4
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040DF39
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040DF4D
        • #6905.MFC42(?,00000003,00000003), ref: 0040DF61
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#6905$#3092#3286#3293ClientRect
        • String ID:
        • API String ID: 3523344188-0
        • Opcode ID: 2b60aedd11388588ad6eaa4c6bc25b14ea1fe7b410079db2cba44b3cb02062f7
        • Instruction ID: e7096fc15e465d85a9c6d6e3b8579a8ccc3c2a617873d283122902e3d91db4ae
        • Opcode Fuzzy Hash: 2b60aedd11388588ad6eaa4c6bc25b14ea1fe7b410079db2cba44b3cb02062f7
        • Instruction Fuzzy Hash: CDE1C731340B0167D624A62ACC41FAFB2D9EBD8B14F104D3EF65AEB2C1DA78E945835C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetMenuItemCount.USER32(?), ref: 00412BE3
        • GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
        • GetSubMenu.USER32(?,-00000001), ref: 00412C15
        • #2863.MFC42(00000000,?,?,?,75C63E40), ref: 00412C1C
        • #540.MFC42(00000000,?,?,?,75C63E40), ref: 00412C40
        • GetMenuStringA.USER32 ref: 00412C61
        • #2919.MFC42(00000002), ref: 00412C70
        • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
        • #5572.MFC42(000000FF), ref: 00412C89
        • ModifyMenuA.USER32(?,-00000001,00000500,000000FF,00000000), ref: 00412CFA
        • #800.MFC42 ref: 00412D0C
          • Part of subcall function 00412BB0: #2614.MFC42 ref: 00412C94
          • Part of subcall function 00412BB0: #2614.MFC42 ref: 00412DA0
          • Part of subcall function 00412BB0: GetMenuState.USER32(?,-00000001,00000400), ref: 00412DDC
          • Part of subcall function 00412BB0: ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 00412E0A
        • GetMenuState.USER32(?,-00000001,00000400), ref: 00412D28
        • #540.MFC42(?,?,?,75C63E40), ref: 00412D46
        • GetMenuStringA.USER32 ref: 00412D61
        • #2919.MFC42(00000002), ref: 00412D74
        • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412D85
        • #5572.MFC42(000000FF), ref: 00412D91
        • ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 00412DBF
        • #800.MFC42 ref: 00412DD1
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Menu$String$Modify$#2614#2919#540#5572#800ItemState$#2863Count
        • String ID:
        • API String ID: 985470246-0
        • Opcode ID: afe2ca6af36c6556a66a390d8aaabe74a20282205839e4415aa45d1496d15e9c
        • Instruction ID: 1e3d82180aa8cebc34db654927162ddc711ceff43e1de25c7cda8741f924e613
        • Opcode Fuzzy Hash: afe2ca6af36c6556a66a390d8aaabe74a20282205839e4415aa45d1496d15e9c
        • Instruction Fuzzy Hash: B471D0B0204715ABC310DF25DD45FEBBBA9FB84714F108A19F565932D0EB78E854CBA8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetClientRect.USER32(?,?), ref: 00405F27
        • GetSysColor.USER32(0000000F), ref: 00405F58
        • #2754.MFC42(?,00000000), ref: 00405F66
        • #2860.MFC42(?,?,00000000), ref: 00405F6F
        • #323.MFC42(?,?,00000000), ref: 00405F7E
        • CreateCompatibleDC.GDI32(00000000), ref: 00405F91
        • #1640.MFC42(00000000), ref: 00405F9C
        • GetObjectA.GDI32(?,00000018,?), ref: 00405FB4
        • #5785.MFC42(?,?), ref: 00405FFD
        • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040602E
        • #5785.MFC42(?,?), ref: 00406045
        • GetSysColor.USER32(00000014), ref: 0040605A
        • GetSysColor.USER32(00000010), ref: 0040605F
        • #2567.MFC42(?,00000000), ref: 00406069
        • InflateRect.USER32(00000000,000000FF,000000FF), ref: 0040607E
        • GetSysColor.USER32(0000000F), ref: 00406086
        • GetSysColor.USER32(0000000F), ref: 00406098
        • #2567.MFC42(?,00000000), ref: 004060A2
        • InflateRect.USER32(00000000,000000FF,000000FF), ref: 004060B0
        • GetSysColor.USER32(00000010), ref: 004060B8
        • GetSysColor.USER32(00000014), ref: 004060BD
        • #2567.MFC42(?,00000000), ref: 004060C7
        • #640.MFC42 ref: 004060D8
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Color$#2567Rect$#5785Inflate$#1640#2754#2860#323#640ClientCompatibleCreateObject
        • String ID:
        • API String ID: 881363819-0
        • Opcode ID: 45e6d8854057d670ca300c119c06241f51ab5478347eba5981c65c1d3a3f7dc3
        • Instruction ID: a3dfc8a6be821aa3e2151bfcb2a784a632a231e80bcbe86321ee10d835f47131
        • Opcode Fuzzy Hash: 45e6d8854057d670ca300c119c06241f51ab5478347eba5981c65c1d3a3f7dc3
        • Instruction Fuzzy Hash: E4516B72208345AFC714DF69CC44EABBBE8EBC8710F104A2DB595D32D1CA74D804CB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00405CB6
        • GetClientRect.USER32(?,?), ref: 00405CD5
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00405D17
        • #2860.MFC42(?), ref: 00405D1A
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405D31
        • #3089.MFC42 ref: 00405D4C
        • #2111.MFC42(50000080,?,?,00000001), ref: 00405D60
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405D78
        • #6199.MFC42(?,?,00000001), ref: 00405D80
        • SendMessageA.USER32(?,00000434,00000000,?), ref: 00405DB2
        • #6134.MFC42(00000000,000000FF), ref: 00405DBA
        • #5937.MFC42(0000003C,00000000,000000FF), ref: 00405DC6
        • #6136.MFC42(0000003C,0000003C,00000000,000000FF), ref: 00405DD2
        • SendMessageA.USER32(?,00000437,00000000,?), ref: 00405DEA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#2111#2379#2860#3089#5937#6134#6136#6199ClientRect
        • String ID: <
        • API String ID: 3436560166-4251816714
        • Opcode ID: 79845bbe6319cc47294b85b4fb108bc0c2a798a68fc4d342cb2746c808b5bc3d
        • Instruction ID: fb730d80e9601ea83bee57e1dd4651bbe9b901671f526456dca0c5c8201d6f51
        • Opcode Fuzzy Hash: 79845bbe6319cc47294b85b4fb108bc0c2a798a68fc4d342cb2746c808b5bc3d
        • Instruction Fuzzy Hash: 5D41A175204700AFD624DB65CC91FEBB7E9EFC8704F008A1EB99697380DA74E900CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3763.MFC42(?,?), ref: 004084BF
        • GetParent.USER32(?), ref: 004084DF
        • #2864.MFC42(00000000), ref: 004084E6
        • SendMessageA.USER32(?,00000403,00000002,?), ref: 00408512
        • #3763.MFC42(?,?), ref: 00408546
        • #540.MFC42(?,?), ref: 0040854F
        • #3874.MFC42(?), ref: 00408563
        • GetParent.USER32(?), ref: 00408588
        • #2864.MFC42(00000000), ref: 0040858F
        • SendMessageA.USER32(?,00000403,00000003,?), ref: 004085BB
        • #800.MFC42 ref: 004085CD
        • #800.MFC42(?), ref: 004085F6
        • GetParent.USER32(?), ref: 0040860E
        • #2864.MFC42(00000000), ref: 00408615
        • SendMessageA.USER32(?,00000403,00000004,?), ref: 00408641
        • GetParent.USER32(?), ref: 0040866F
        • #2864.MFC42(00000000), ref: 00408676
        • SendMessageA.USER32(?,00000403,00000005,?), ref: 004086A2
          • Part of subcall function 00408730: #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,004161E8,000000FF,004082DC), ref: 00408751
          • Part of subcall function 00408730: #3874.MFC42 ref: 00408765
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 004087B0
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 004087B3
          • Part of subcall function 00408730: #3089.MFC42(00000000), ref: 004087C1
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 00408806
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 00408809
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 00408814
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 00408817
          • Part of subcall function 00408730: #3089.MFC42(00000000), ref: 00408820
          • Part of subcall function 00408730: SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408831
          • Part of subcall function 00408730: #800.MFC42 ref: 00408843
        • #5290.MFC42(?), ref: 00408714
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$MessageSend$#800$#3089#3763#3874#540$#5290
        • String ID:
        • API String ID: 4283597796-0
        • Opcode ID: e213cfe3f1af5e95e5f3df5f8dd5a2fad33cedac6a772db0a0d48a12eabc814a
        • Instruction ID: 3d100f1488813eaa286ad80785d217ac773cdf5a01a2f1d83fece7d185f43b32
        • Opcode Fuzzy Hash: e213cfe3f1af5e95e5f3df5f8dd5a2fad33cedac6a772db0a0d48a12eabc814a
        • Instruction Fuzzy Hash: E9718F752007019FC718DF19C984AAFB7E5FB98710F10892EF59593780DB78E982CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00408E51
        • #540.MFC42(?,?,?,?,?,004162A1,000000FF), ref: 00408E61
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408E83
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408E97
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EA6
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EB3
        • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EBA
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00408EF1
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F1B
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F2F
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F3E
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F4B
        • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F52
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00408F8A
          • Part of subcall function 004092D0: #4171.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 004092EB
          • Part of subcall function 004092D0: #6311.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040931A
          • Part of subcall function 004092D0: atoi.MSVCRT ref: 00409324
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FAB
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FBF
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FCE
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FDB
        • #823.MFC42(0000000C,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FE2
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00409018
        • #800.MFC42(?,?,?,?,?,004162A1,000000FF), ref: 00409032
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800$#3286#3301#6007#823#858$#4171#540#6311MessageSendatoi
        • String ID:
        • API String ID: 3055650909-0
        • Opcode ID: d76134389815a0277af893f41edf8715d800d98bb804f2b6fc5c437c66eae7f4
        • Instruction ID: 4e7e584e0ab80acd10ee7cf4f00adfd0cbccc072339726d03e0d0c640cc87cf5
        • Opcode Fuzzy Hash: d76134389815a0277af893f41edf8715d800d98bb804f2b6fc5c437c66eae7f4
        • Instruction Fuzzy Hash: 2E610F71108341AED310DB26C8C0E6BB7DDABD4358F04492EF1DA97392DA38DD86C76A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040EF8B
        • #2864.MFC42(00000000), ref: 0040EF92
        • #5981.MFC42(00000000), ref: 0040EF9D
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040EFE4
        • SendMessageA.USER32 ref: 0040F00F
        • SendMessageA.USER32(?,0000101B,?,00000000), ref: 0040F023
        • SendMessageA.USER32(?,00001203,?,0000009F), ref: 0040F03F
        • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040F05E
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F07F
        • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F090
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F0A8
        • #6907.MFC42(-00000001,?,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F0BB
        • SendMessageA.USER32(?,00001019,00000001,00000000), ref: 0040F0F8
        • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F10E
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F11D
        • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F12E
        • SendMessageA.USER32(?,0000101C,00000001,00000000), ref: 0040F146
        • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F164
        • SendMessageA.USER32(?,00001019,00000000,00000000), ref: 0040F176
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040F182
        • InvalidateRect.USER32(?,00000000,00000001,?,00000004,?,0000009F,?,00000000), ref: 0040F18C
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#6907$#2864#5981FocusInvalidateRect
        • String ID:
        • API String ID: 1511350695-0
        • Opcode ID: cbfe820232d3da00cc4125a430e2ca922b155d7759aedc4005ad7dd65cda8a12
        • Instruction ID: 6e860f70897de8cb24a928eea387c5ad0da3cf279318d51484a122a86d0deffd
        • Opcode Fuzzy Hash: cbfe820232d3da00cc4125a430e2ca922b155d7759aedc4005ad7dd65cda8a12
        • Instruction Fuzzy Hash: F3614E70240744ABE730DB25CC81FABB3A9BF88714F104B2DF695AB6D1D7B8E8448B55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 10005646
        • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
        • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
        • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
        • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
        • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
        • CloseHandle.KERNEL32(?), ref: 100056F2
        • FreeLibrary.KERNEL32(00000000), ref: 100056FD
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
        • API String ID: 3440622277-1578001699
        • Opcode ID: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction ID: 97513855ba7d5b96b8eea992fadbc770b1a1e9ea9204260f57e06f18dc82c778
        • Opcode Fuzzy Hash: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction Fuzzy Hash: 1531AFB5A01218ABEB10DBB4DD89BEEBBB8EF49641F104119FA05B7280DB71D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040D409
        • #2864.MFC42(00000000), ref: 0040D410
        • #5981.MFC42(00000000), ref: 0040D41B
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
          • Part of subcall function 00401AD0: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
          • Part of subcall function 00401AD0: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        • GetCursorPos.USER32(00000000), ref: 0040D425
        • ScreenToClient.USER32(?,?), ref: 0040D434
        • #3286.MFC42(00000000,?,?), ref: 0040D46A
        • #3293.MFC42(00000000,?,00000000,00000000,?,?), ref: 0040D4BA
        • GetClientRect.USER32(?,?), ref: 0040D4C8
        • InvalidateRect.USER32(?,?,00000001), ref: 0040D4F1
        • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040D543
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040D560
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040D579
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040D58A
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040D5A8
        • #3293.MFC42(00000000,?,00000000), ref: 0040D5B5
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040D5DC
        • SendMessageA.USER32(?,0000102C,00000000,00000001), ref: 0040D652
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DBB6
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DBDB
          • Part of subcall function 0040DB90: #3293.MFC42(?,?,00000000,?,00000000,?), ref: 0040DBFA
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DC22
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?,?), ref: 0040D61F
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040D644
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040CC74
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CCA2
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CCCB
          • Part of subcall function 0040CC40: #3293.MFC42(?,?,00000000), ref: 0040CCED
          • Part of subcall function 0040CC40: GetClientRect.USER32(?,?), ref: 0040CD17
          • Part of subcall function 0040CC40: SendMessageA.USER32 ref: 0040CD34
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CD52
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293Invalidate$ClientScroll$Enable$#2864#3286#3998#5981#6007CursorFocusScreenShow
        • String ID:
        • API String ID: 1983514702-0
        • Opcode ID: 8b55e805530541a9d092710536350505fd90c3126aa5e06a9ce3cbc7302a3956
        • Instruction ID: 57f82ebe21f7ee24ad7be10c36a29d409f2bc9a93f9c199d4d4d6808c76c11e9
        • Opcode Fuzzy Hash: 8b55e805530541a9d092710536350505fd90c3126aa5e06a9ce3cbc7302a3956
        • Instruction Fuzzy Hash: 31918171340305ABD624DB69CC81FABB3E9FBC8B04F00492EF595972D0DBB8E9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessagePost
        • String ID:
        • API String ID: 3939144538-0
        • Opcode ID: dbb7d571d73486c9964d8f346655b81c2bbe281731cd186e7b59489ad6b68100
        • Instruction ID: 75ac96b43b599a6a62239645f8ee84e71766786d9bf595ce3615597b2eda436e
        • Opcode Fuzzy Hash: dbb7d571d73486c9964d8f346655b81c2bbe281731cd186e7b59489ad6b68100
        • Instruction Fuzzy Hash: A71124B2E00714ABC614ABF69D59C9B7F9CFFCC2547008A6EB54887241DB7CD8428FA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #6907.MFC42(?,?,?), ref: 00414025
        • #537.MFC42(0041E8F0), ref: 00414039
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041404E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041405E
        • #6883.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041406E
        • #537.MFC42(Provincia,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041407C
        • #6883.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414091
        • #800.MFC42(?,00000000,Provincia,?,00000000,?), ref: 0041409E
        • #537.MFC42(Anas,?,00000000,Provincia,?,00000000,?), ref: 004140AC
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140C1
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140CE
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140DC
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140F1
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140FE
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6883$#537#800$#6907
        • String ID: Anas$Comune$Provincia
        • API String ID: 627091864-1109409966
        • Opcode ID: 4fec4260b2dfddf20dabf1dc2bb38527577b20e21aa25fd24d101a40a649272a
        • Instruction ID: 3473ace3d25e76a770bbfd23ce63f11dfe3668d771b5851ebbd5c95fab861f15
        • Opcode Fuzzy Hash: 4fec4260b2dfddf20dabf1dc2bb38527577b20e21aa25fd24d101a40a649272a
        • Instruction Fuzzy Hash: C9417D74500B00AFD320EF15C981BEBB7E5BBD8714F108A1EE49A87781C739E98ACB45
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsWindow.USER32(?), ref: 00411BA1
        • IsRectEmpty.USER32(?), ref: 00411BB4
        • IsWindowVisible.USER32(?), ref: 00411BDB
        • GetFocus.USER32 ref: 00411BE9
        • #2864.MFC42(00000000,?,00000000), ref: 00411BF0
        • #6605.MFC42 ref: 00411C36
        • #289.MFC42(?), ref: 00411C40
        • #537.MFC42(?,?), ref: 00411C52
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00411C69
        • #2860.MFC42(00000000), ref: 00411C70
        • #5788.MFC42(00000000,00000000), ref: 00411C7A
        • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 00411CAE
        • #6197.MFC42(6D0EA018,?,?,000000FF,?,00000050), ref: 00411CDF
        • #5875.MFC42(00000001,6D0EA018,?,?,000000FF,?,00000050), ref: 00411CEA
        • #5788.MFC42(?), ref: 00411D10
        • SetCapture.USER32(?,?), ref: 00411D19
        • #2864.MFC42(00000000), ref: 00411D20
        • #800.MFC42(00000000), ref: 00411D2E
        • #613.MFC42(00000000), ref: 00411D3F
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864#5788Window$#2860#289#537#5875#613#6197#6605#800CaptureEmptyExtentFocusMessagePoint32RectSendTextVisible
        • String ID:
        • API String ID: 1052973344-0
        • Opcode ID: 5a541de6514cf8f7d8853c86495949eda2a6372b090c1199e6a1a8ff03a95b14
        • Instruction ID: 563cf2e3aa894bee5954ef733e3a8ba166e519cceaa4859d21dde127e7ec4e12
        • Opcode Fuzzy Hash: 5a541de6514cf8f7d8853c86495949eda2a6372b090c1199e6a1a8ff03a95b14
        • Instruction Fuzzy Hash: 11513775604740AFC314DF68D884FABB7E8FBC8714F008A1DB59687690DB78E844CB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10002E7C
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
        • timeGetTime.WINMM ref: 10002E8E
        • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
        • gethostbyname.WS2_32(?), ref: 10002EDF
        • htons.WS2_32(?), ref: 10002EF8
        • connect.WS2_32(?,?,00000010), ref: 10002F16
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
        • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
        • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
        • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
        • _beginthreadex.MSVCR100 ref: 10002FF6
        • _beginthreadex.MSVCR100 ref: 1000300B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 2079111011-3203441087
        • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
        • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(0041E8F0), ref: 00414D81
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414D96
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DA6
        • #6883.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DB6
        • #537.MFC42(Provincia,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DC4
        • #6883.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414DD9
        • #800.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414DE6
        • #537.MFC42(Anas,?,00000000,Provincia,?,00000000,?), ref: 00414DF4
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E09
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E16
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E24
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E39
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E46
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6883$#537#800
        • String ID: Anas$Comune$Provincia
        • API String ID: 1717197427-1109409966
        • Opcode ID: 2cc85ecaf75742fbc7f524f987d68be454302ffc22e66c38bb7658d9be050907
        • Instruction ID: 4e2d33064d6abd8d8f131be95bbc7ad306cc52d7b90e2c432d0fd03e88d80d9c
        • Opcode Fuzzy Hash: 2cc85ecaf75742fbc7f524f987d68be454302ffc22e66c38bb7658d9be050907
        • Instruction Fuzzy Hash: 2B515D70504B009FD324EF15C581BABB7E5BBC8324F108A1EE49A87780D779E98ACB49
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040CC74
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
          • Part of subcall function 0040DA60: #3293.MFC42(00000000,?,00000000,75BF3EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
          • Part of subcall function 0040DA60: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
          • Part of subcall function 0040DA60: GetClientRect.USER32(?,?), ref: 0040DAF3
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CCA2
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CCCB
        • #3293.MFC42(?,?,00000000), ref: 0040CCED
        • GetClientRect.USER32(?,?), ref: 0040CD17
        • SendMessageA.USER32 ref: 0040CD34
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CD52
        • #540.MFC42 ref: 0040CD73
        • #3089.MFC42 ref: 0040CDB4
        • #3286.MFC42(?,?), ref: 0040CDD4
        • #823.MFC42(00000014,?,?,?,?,?,?,?,?), ref: 0040CE00
        • #541.MFC42 ref: 0040CE1A
        • #800.MFC42(?), ref: 0040CE6E
        • #823.MFC42(0000016C,?), ref: 0040CE95
        • #535.MFC42(00000002,?,?,?,?), ref: 0040CED6
        • GetParent.USER32(?), ref: 0040CF26
        • #2864.MFC42(00000000), ref: 0040CF2D
        • #800.MFC42 ref: 0040CFEF
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#800#823Client$#2864#3089#3092#3286#535#540#541Parent
        • String ID:
        • API String ID: 2125008405-0
        • Opcode ID: f0a8bff8f873108d64a64abf37aee993c78833a39c863ebec92b2fb7ea6cea46
        • Instruction ID: bdeba55dabbe346482d1e2d4055adf7286c66d3c4c38834717c6475fd089da88
        • Opcode Fuzzy Hash: f0a8bff8f873108d64a64abf37aee993c78833a39c863ebec92b2fb7ea6cea46
        • Instruction Fuzzy Hash: 33B16D702043419FD724DF65C881BABBBE5BFC8704F004A2EF59997391DB78A845CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memset.MSVCR100 ref: 1000F659
        • memset.MSVCR100 ref: 1000F66C
        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 1000F68F
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Closememset$Open
        • String ID: %08X$Host
        • API String ID: 4198983563-2867006347
        • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
        • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E436
        • #3286.MFC42(00000000), ref: 0040E44B
        • #3293.MFC42(00000000,?,00000000,00000000), ref: 0040E492
        • GetClientRect.USER32(?,00000000), ref: 0040E4A0
        • InvalidateRect.USER32(?,?,00000001), ref: 0040E4C9
        • InvalidateRect.USER32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040E516
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040E52F
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040E548
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040E559
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040E577
        • #3293.MFC42(00000000,?,00000000), ref: 0040E584
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040E5AB
          • Part of subcall function 00401B70: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401B8D
          • Part of subcall function 00401B70: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401B9C
          • Part of subcall function 00401B70: #3286.MFC42(?), ref: 00401BAA
          • Part of subcall function 00401B70: SendMessageA.USER32(?,00001008,?,00000000), ref: 00401BE1
          • Part of subcall function 00401B70: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401BF2
        • #3089.MFC42 ref: 0040E698
        • GetParent.USER32(?), ref: 0040E6B7
        • #2864.MFC42(00000000), ref: 0040E6BE
        • SendMessageA.USER32(?,0000004E,?,?), ref: 0040E6D3
        • #5290.MFC42(?), ref: 0040E6E7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$RectScroll$#3286#3293EnableInvalidate$#2864#3089#5290ClientParentShow
        • String ID:
        • API String ID: 3965518664-0
        • Opcode ID: a4159e19f28e2276acd800a31d6ec83aec7225f8fae3b999c8bb4c10c06bcbe1
        • Instruction ID: 131fa331dea3b921b0b01fbb884be57261c6ebca500bae5ddefae37afd712bcf
        • Opcode Fuzzy Hash: a4159e19f28e2276acd800a31d6ec83aec7225f8fae3b999c8bb4c10c06bcbe1
        • Instruction Fuzzy Hash: D991B271340700ABD724DB29DC81FABB3E4BB98714F104D2EFA95A72D0DA79E8418769
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 0040699A
        • #536.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18), ref: 004069BD
        • #535.MFC42(00000084,?,00000001), ref: 004069F5
        • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406A4A
        • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406A8B
        • #800.MFC42(00000084,?,00000001), ref: 00406AA1
        • #535.MFC42(00000084,?,00000001), ref: 00406ADC
        • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406B2B
        • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406B5A
        • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406B9B
        • #800.MFC42(00000084,?,00000001), ref: 00406BAD
        • #800.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18), ref: 00406BC7
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 00406BD7
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 00406BED
        • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C17
        • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C2D
        • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C3B
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800$#535$#4129$#536#540
        • String ID:
        • API String ID: 2959236569-0
        • Opcode ID: de5838552160e8a1a68d872514f480001582ac3e1cd8effcbec341b14dea053e
        • Instruction ID: fdbbd305b15675dd317f3ab683c2c62ea9dc9fa98f6c2da4e4424d65e80139de
        • Opcode Fuzzy Hash: de5838552160e8a1a68d872514f480001582ac3e1cd8effcbec341b14dea053e
        • Instruction Fuzzy Hash: F381F4312082518FC700DF24C4907EB7BE56FAA344F19496DF8CAA73D1E63AE949CB85
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
        • #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040982B
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040984D
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040986F
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040988D
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098AB
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098CD
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098EF
          • Part of subcall function 004049C0: #2414.MFC42(?,?,?,?,?,?,?,004049A8), ref: 00404A05
          • Part of subcall function 004049C0: #682.MFC42(?,?,?,?,?,?,?,004049A8), ref: 00404A1A
        • #693.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409911
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#682#686#693#800
        • String ID:
        • API String ID: 3969047488-0
        • Opcode ID: 89a92bffa5beed12fcff500d2a05c41d0eb43154f3ef4fc3a7a78736a3bbb3a7
        • Instruction ID: 69f0adf552a5b93e4ecb8fb81ce234f528e32a1a3ca4b45b3ee66e9d1335e5b3
        • Opcode Fuzzy Hash: 89a92bffa5beed12fcff500d2a05c41d0eb43154f3ef4fc3a7a78736a3bbb3a7
        • Instruction Fuzzy Hash: 81712A74204782DBC714DF25C0403DAFBE5BF95708F044A1FE499AB392DBB9A944CB6A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 1000DA17
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
        • GetLastError.KERNEL32 ref: 1000DA38
        • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
        • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
        • exit.MSVCR100 ref: 1000DA55
        • GetTickCount.KERNEL32 ref: 1000DAA0
        • GetTickCount.KERNEL32 ref: 1000DABB
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
        • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
        • CloseHandle.KERNEL32(?), ref: 1000DBE8
        • CloseHandle.KERNEL32(?), ref: 1000DC0B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
        • String ID: %d:%d
        • API String ID: 3209965405-4036436701
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411E99
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411EA9
          • Part of subcall function 00411E60: GetSysColor.USER32(00000007), ref: 00411EC4
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000E), ref: 00411ECB
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411ED2
          • Part of subcall function 00411E60: GetSysColor.USER32(00000004), ref: 00411ED9
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000D), ref: 00411EE0
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411EE7
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411EEE
          • Part of subcall function 00411E60: GetSysColor.USER32(00000011), ref: 00411EF5
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411EFC
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411F03
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411F0A
          • Part of subcall function 00411E60: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
          • Part of subcall function 00411E60: CreateFontIndirectA.GDI32(?), ref: 00411F57
        • CreatePopupMenu.USER32 ref: 0040893E
        • #1644.MFC42(00000000), ref: 00408949
        • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 00408965
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00408975
        • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00408988
        • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 0040899B
        • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 004089AE
        • GetMessagePos.USER32 ref: 004089B0
          • Part of subcall function 004129D0: #1146.MFC42(?,000000F1,?,75C63E40), ref: 004129FE
          • Part of subcall function 00412BB0: GetMenuItemCount.USER32(?), ref: 00412BE3
          • Part of subcall function 00412BB0: GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
          • Part of subcall function 00412BB0: GetSubMenu.USER32(?,-00000001), ref: 00412C15
          • Part of subcall function 00412BB0: #2863.MFC42(00000000,?,?,?,75C63E40), ref: 00412C1C
          • Part of subcall function 00412BB0: #540.MFC42(00000000,?,?,?,75C63E40), ref: 00412C40
          • Part of subcall function 00412BB0: GetMenuStringA.USER32 ref: 00412C61
          • Part of subcall function 00412BB0: #2919.MFC42(00000002), ref: 00412C70
          • Part of subcall function 00412BB0: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
          • Part of subcall function 00412BB0: #5572.MFC42(000000FF), ref: 00412C89
          • Part of subcall function 00412F20: GetMenuItemCount.USER32(?), ref: 00412F31
          • Part of subcall function 00412F20: #291.MFC42 ref: 00412F3D
          • Part of subcall function 00412F20: GetMenuItemID.USER32(?,-00000001), ref: 00412F65
          • Part of subcall function 00412F20: GetSubMenu.USER32(?,-00000001), ref: 00412F71
          • Part of subcall function 00412F20: #2863.MFC42(00000000), ref: 00412F78
        • #6270.MFC42(00000002,75C63E40,?,?,00000000,?,?,?,00000081), ref: 004089F5
        • #2438.MFC42(00000002,75C63E40,?,?,00000000,?,?,?,00000081), ref: 004089FE
          • Part of subcall function 00411FB0: #825.MFC42(?,?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?), ref: 00411FFB
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041200F
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041201C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 0041202C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 00412036
          • Part of subcall function 00411FB0: #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412040
          • Part of subcall function 00411FB0: #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 0041204D
          • Part of subcall function 00411FB0: #2438.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412062
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
        • String ID: &Annulla$&Copia$&Incolla$&Taglia
        • API String ID: 1545793310-1349790597
        • Opcode ID: 5ec9f6c7544c3081f12a7bd6ff77bf89187ec2610baa2cee98abc0811b0f6dfc
        • Instruction ID: 043b1e9b273fcc1ac97f1f7bc20ceb14be864e242e7ea733c33d660d4d9379a0
        • Opcode Fuzzy Hash: 5ec9f6c7544c3081f12a7bd6ff77bf89187ec2610baa2cee98abc0811b0f6dfc
        • Instruction Fuzzy Hash: 33218271244340BBD210EB55CC42FDFB7A8EB88B10F208D1EB661671D0CBB8A444CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411E99
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411EA9
          • Part of subcall function 00411E60: GetSysColor.USER32(00000007), ref: 00411EC4
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000E), ref: 00411ECB
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411ED2
          • Part of subcall function 00411E60: GetSysColor.USER32(00000004), ref: 00411ED9
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000D), ref: 00411EE0
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411EE7
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411EEE
          • Part of subcall function 00411E60: GetSysColor.USER32(00000011), ref: 00411EF5
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411EFC
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411F03
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411F0A
          • Part of subcall function 00411E60: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
          • Part of subcall function 00411E60: CreateFontIndirectA.GDI32(?), ref: 00411F57
        • CreatePopupMenu.USER32 ref: 004077DE
        • #1644.MFC42(00000000), ref: 004077E9
        • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 00407805
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00407815
        • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00407828
        • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 0040783B
        • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 0040784E
        • GetMessagePos.USER32 ref: 00407850
          • Part of subcall function 004129D0: #1146.MFC42(?,000000F1,?,75C63E40), ref: 004129FE
          • Part of subcall function 00412BB0: GetMenuItemCount.USER32(?), ref: 00412BE3
          • Part of subcall function 00412BB0: GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
          • Part of subcall function 00412BB0: GetSubMenu.USER32(?,-00000001), ref: 00412C15
          • Part of subcall function 00412BB0: #2863.MFC42(00000000,?,?,?,75C63E40), ref: 00412C1C
          • Part of subcall function 00412BB0: #540.MFC42(00000000,?,?,?,75C63E40), ref: 00412C40
          • Part of subcall function 00412BB0: GetMenuStringA.USER32 ref: 00412C61
          • Part of subcall function 00412BB0: #2919.MFC42(00000002), ref: 00412C70
          • Part of subcall function 00412BB0: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
          • Part of subcall function 00412BB0: #5572.MFC42(000000FF), ref: 00412C89
          • Part of subcall function 00412F20: GetMenuItemCount.USER32(?), ref: 00412F31
          • Part of subcall function 00412F20: #291.MFC42 ref: 00412F3D
          • Part of subcall function 00412F20: GetMenuItemID.USER32(?,-00000001), ref: 00412F65
          • Part of subcall function 00412F20: GetSubMenu.USER32(?,-00000001), ref: 00412F71
          • Part of subcall function 00412F20: #2863.MFC42(00000000), ref: 00412F78
        • #6270.MFC42(00000002,75C63E40,?,?,00000000,?,?,?,00000081), ref: 00407895
        • #2438.MFC42(00000002,75C63E40,?,?,00000000,?,?,?,00000081), ref: 0040789E
          • Part of subcall function 00411FB0: #825.MFC42(?,?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?), ref: 00411FFB
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041200F
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041201C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 0041202C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 00412036
          • Part of subcall function 00411FB0: #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412040
          • Part of subcall function 00411FB0: #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 0041204D
          • Part of subcall function 00411FB0: #2438.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412062
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
        • String ID: &Annulla$&Copia$&Incolla$&Taglia
        • API String ID: 1545793310-1349790597
        • Opcode ID: 83a35bd5f2bf3126c7fbcb622448bf440223788d703dc3268ea508fb2ea73ac9
        • Instruction ID: d0182e2003be76b948f0e8cbd0089100785693cea0c103307651707d329406c4
        • Opcode Fuzzy Hash: 83a35bd5f2bf3126c7fbcb622448bf440223788d703dc3268ea508fb2ea73ac9
        • Instruction Fuzzy Hash: 06218271644340BBD210EB15CC42FDFB7A8EB88B10F208D1EB661671D0CBB8A444CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,1D7EE358,745947A0,?,?,00000001), ref: 10004AE6
        • EnterCriticalSection.KERNEL32(?,1D7EE358,745947A0,?,?,00000001), ref: 10004B0D
        • SetLastError.KERNEL32(0000139F), ref: 10004B21
        • LeaveCriticalSection.KERNEL32(?), ref: 10004B28
        • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6215CaptureMessageRelease$#2864ClientPostScreen$#5290FocusFromPointSendWindow
        • String ID:
        • API String ID: 3881921562-0
        • Opcode ID: 6cee499fa40594b597a01b46b7dc831a577221051b9d33a76c49a61822d96e0e
        • Instruction ID: 432075c00c82a46ec2eec180b4bcdd32e0173e9ddcaef392197e9de0b335b728
        • Opcode Fuzzy Hash: 6cee499fa40594b597a01b46b7dc831a577221051b9d33a76c49a61822d96e0e
        • Instruction Fuzzy Hash: 33517F766147029FD314DF28D884AABB7E4EF88310F14C93EF66687790C678E844CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#3874#540#800#858#860MessageSendWindow
        • String ID:
        • API String ID: 1997798510-0
        • Opcode ID: 434cc625a9e94f3d8e973cdc58c00d50eb33104d3bac2fe5f741bfebfb99dd83
        • Instruction ID: 2a7d54997ec92ff64589da6accb1ad6ddd915dd244c8e0d4ace4bd6d1b48d11a
        • Opcode Fuzzy Hash: 434cc625a9e94f3d8e973cdc58c00d50eb33104d3bac2fe5f741bfebfb99dd83
        • Instruction Fuzzy Hash: AA419F756087019FC724DF65C890AABB7E8BF89714F058A2EF496973C0DB38E809CB55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403184
        • #823.MFC42 ref: 00403198
        • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 004031B4
        • qsort.MSVCRT ref: 004031C8
        • #540.MFC42 ref: 004031E4
        • #3803.MFC42 ref: 004031FA
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040320E
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 00403223
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403238
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 0040324C
        • #800.MFC42 ref: 0040325A
        • #3092.MFC42(00000001), ref: 00403279
        • #4123.MFC42(00000001), ref: 00403280
        • #3092.MFC42(00000001,00000001,00000001), ref: 0040328F
        • #2642.MFC42(00000001,00000001,00000001), ref: 00403296
        • #825.MFC42(00000000), ref: 004032A7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
        • String ID:
        • API String ID: 203305839-0
        • Opcode ID: bfcb2955e9eeca1c0ef4bedf158bcf6c3cbe087d369cd8ab1f9a27c86320d5d6
        • Instruction ID: 4a5e7915ececa285c77ff163f98c61616efa47339a82104610a8193d14ddfe2e
        • Opcode Fuzzy Hash: bfcb2955e9eeca1c0ef4bedf158bcf6c3cbe087d369cd8ab1f9a27c86320d5d6
        • Instruction Fuzzy Hash: E631B5B0240705BBE610EF65DC81FABB39CFF94718F00092EF655A72C1EA78A9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403304
        • #823.MFC42 ref: 00403318
        • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 00403334
        • qsort.MSVCRT ref: 00403348
        • #540.MFC42 ref: 00403364
        • #3803.MFC42 ref: 0040337D
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00403391
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004033A6
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 004033BB
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004033CF
        • #800.MFC42 ref: 004033DD
        • #3092.MFC42(00000001), ref: 004033FC
        • #4123.MFC42(00000001), ref: 00403403
        • #3092.MFC42(00000001,00000001,00000001), ref: 00403412
        • #2642.MFC42(00000001,00000001,00000001), ref: 00403419
        • #825.MFC42(00000000), ref: 0040342A
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
        • String ID:
        • API String ID: 203305839-0
        • Opcode ID: 5312972f923e5bf863ac23c3bd0b68f943901f9f5942beeb42dce5626d38e23d
        • Instruction ID: 9321509ac705905c2932cd221e2d6c618522df728e2f0b63cb48e87360bed5c7
        • Opcode Fuzzy Hash: 5312972f923e5bf863ac23c3bd0b68f943901f9f5942beeb42dce5626d38e23d
        • Instruction Fuzzy Hash: EA31B7B02407057BE610EF65CC91FABB79CFFC4718F004A2DF655AB2C1DAB8A9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040FCE8
        • #2864.MFC42(00000000), ref: 0040FCEF
        • #5981.MFC42(00000000), ref: 0040FCFA
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
          • Part of subcall function 00401AD0: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
          • Part of subcall function 00401AD0: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        • #3286.MFC42(00000000,?,?,00000000), ref: 0040FD2C
        • #3293.MFC42(00000000,?,00000000,?,00000000,?,?,00000000), ref: 0040FD80
        • GetClientRect.USER32(?,00000000), ref: 0040FD8E
        • InvalidateRect.USER32(?,?,00000001,?,00000000,?,?,00000000), ref: 0040FDB7
        • InvalidateRect.USER32(?,?,00000000,00000000,00000000,?,?,00000000,?,?,00000000), ref: 0040FE04
        • ShowScrollBar.USER32(?,00000003,00000001,00000000,?,?,00000000), ref: 0040FE1E
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040FE37
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040FE48
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040FE66
        • #3293.MFC42(00000000,?,00000000), ref: 0040FE73
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040FE9A
        • #2379.MFC42(00000000), ref: 0040FEA7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$RectScroll$#3293EnableInvalidate$#2379#2864#3286#3998#5981#6007ClientFocusShow
        • String ID:
        • API String ID: 1735829022-0
        • Opcode ID: ac5d11673f0c16f964fcbedb52742e6f07065bbf70cf08de5e6469a27dd36065
        • Instruction ID: 0aaae5f5596d289ced406aea480840719eacc4f45737fc74579e6d0267b2a2ac
        • Opcode Fuzzy Hash: ac5d11673f0c16f964fcbedb52742e6f07065bbf70cf08de5e6469a27dd36065
        • Instruction Fuzzy Hash: A2519071300705ABD724DB25CC81FABB3E9EB88704F10493DF696A72D1DA74F9058B99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040FB18
        • #2864.MFC42(00000000), ref: 0040FB1F
        • #5981.MFC42(00000000), ref: 0040FB2A
        • GetParent.USER32(?), ref: 0040FB50
        • #2864.MFC42(00000000), ref: 0040FB57
        • SendMessageA.USER32(?,00001019,00000000,?), ref: 0040FBB7
        • SendMessageA.USER32(?,?,?,0000101A), ref: 0040FBE1
        • #3092.MFC42 ref: 0040FC08
        • SendMessageA.USER32(?,00001203,00000000,?), ref: 0040FC25
        • SendMessageA.USER32(?,00001204,00000000,?), ref: 0040FC4E
        • GetWindowRect.USER32(?,?), ref: 0040FC7F
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 0040FCBA
        • GetFocus.USER32 ref: 0040FCBC
        • #2864.MFC42(00000000), ref: 0040FCC3
        • #5981.MFC42(00000000), ref: 0040FCCE
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#2864$#5981Focus$#3092ParentRectWindow
        • String ID:
        • API String ID: 3834894444-0
        • Opcode ID: dd566917d49f5791739a551efdc58e5556ff864fb2975e49bacf679bf230aeb6
        • Instruction ID: 75bea8e93dd8337d625dc5d9a8711e7e0234719ca2e1de54b4ea5c160b0486a3
        • Opcode Fuzzy Hash: dd566917d49f5791739a551efdc58e5556ff864fb2975e49bacf679bf230aeb6
        • Instruction Fuzzy Hash: 8D513970204705AFD724DF21C851BABB7E9BF88704F00893EF99697680D778E8058F99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403481
        • #3092.MFC42(00000000,?,?,?,?,?,00415B68,000000FF), ref: 0040348F
        • #4123.MFC42(00000000,?,?,?,?,?,00415B68,000000FF), ref: 00403496
        • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B68,000000FF), ref: 004034A5
        • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B68,000000FF), ref: 004034AC
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004034C1
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004034DD
        • #540.MFC42(?,?,?,?,?,?,00415B68,000000FF), ref: 004034ED
        • #3803.MFC42(00000000,?,?,?,?,?,?,?,00415B68,000000FF), ref: 00403506
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040351A
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 0040352D
        • SendMessageA.USER32(?,00000181,00000001,?), ref: 00403542
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403554
        • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 00403565
        • #800.MFC42(?,?,?,?,?,?,00415B68,000000FF), ref: 0040357A
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800
        • String ID:
        • API String ID: 4043816869-0
        • Opcode ID: 2e03029367892f3c060db6a1b496afd3c26b0c1247bcb1865961dce40f97b523
        • Instruction ID: bc9bc101665e2bb95601ba4170fac8283b13dbb938950162e68986635580def5
        • Opcode Fuzzy Hash: 2e03029367892f3c060db6a1b496afd3c26b0c1247bcb1865961dce40f97b523
        • Instruction Fuzzy Hash: 1F31A7713407407BE620DB768C96F9BB2DDFBC4B14F500A1DF655AB2C0DA78E9058758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #384.MFC42 ref: 00411E99
        • #384.MFC42 ref: 00411EA9
        • GetSysColor.USER32(00000007), ref: 00411EC4
        • GetSysColor.USER32(0000000E), ref: 00411ECB
        • GetSysColor.USER32(0000000F), ref: 00411ED2
        • GetSysColor.USER32(00000004), ref: 00411ED9
        • GetSysColor.USER32(0000000D), ref: 00411EE0
        • GetSysColor.USER32(00000014), ref: 00411EE7
        • GetSysColor.USER32(00000010), ref: 00411EEE
        • GetSysColor.USER32(00000011), ref: 00411EF5
        • GetSysColor.USER32(0000000F), ref: 00411EFC
        • GetSysColor.USER32(00000014), ref: 00411F03
        • GetSysColor.USER32(00000010), ref: 00411F0A
        • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
        • CreateFontIndirectA.GDI32(?), ref: 00411F57
          • Part of subcall function 00412980: DeleteObject.GDI32(?), ref: 0041298E
          • Part of subcall function 00412980: GetObjectA.GDI32(?,0000003C,?), ref: 004129A6
          • Part of subcall function 00412980: CreateFontIndirectA.GDI32(?), ref: 004129B9
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Color$#384CreateFontIndirectObject$DeleteInfoParametersSystem
        • String ID:
        • API String ID: 3440023120-0
        • Opcode ID: b35c077c83df1825cd7ba92365bd9f7b4374c2491f0b605509a5598b85fff4e3
        • Instruction ID: 6ac4497f5d40e9b1e3c8c21e6150fa3d562da67572652c3ca37e52926b3b37a4
        • Opcode Fuzzy Hash: b35c077c83df1825cd7ba92365bd9f7b4374c2491f0b605509a5598b85fff4e3
        • Instruction Fuzzy Hash: AD31F8B1944B849FD730AF76C945B97BBE4FB84704F004D2EE28A8BA80D7B9A444CF51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetParent.USER32(?), ref: 004065D0
        • #2864.MFC42(00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 004065D7
        • WindowFromPoint.USER32(?,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 004065F9
        • #2864.MFC42(00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406600
        • IsChild.USER32(?,?), ref: 00406613
        • #5290.MFC42(?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406651
        • #5981.MFC42(00000000,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406692
        • #5981.MFC42 ref: 004066AA
        • GetKeyState.USER32(00000010), ref: 004066BB
          • Part of subcall function 00407110: GetParent.USER32(?), ref: 0040711B
          • Part of subcall function 00407110: #2864.MFC42(00000000), ref: 00407122
          • Part of subcall function 00407110: SendMessageA.USER32(?,00000403,00000001,?), ref: 00407157
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864$#5981Parent$#5290ChildFromMessagePointSendStateWindow
        • String ID:
        • API String ID: 3514343147-0
        • Opcode ID: ee3cb37d34509a9d35771c76da26bd044ec8fe4641df2870e28deacd92bdc458
        • Instruction ID: 8275b49472e782245c680e1a3d1ecb718942acc66207dccd9aac981c6a9afee2
        • Opcode Fuzzy Hash: ee3cb37d34509a9d35771c76da26bd044ec8fe4641df2870e28deacd92bdc458
        • Instruction Fuzzy Hash: 2F5106706002059BCB24AF25C891BBB7799AF95308F11493FF457A73C1CB3DAC628B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4720.MFC42 ref: 00413825
          • Part of subcall function 0040FA00: #823.MFC42(00000014,?,?,?,004169EB,000000FF), ref: 0040FA2B
          • Part of subcall function 00402210: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040222E
          • Part of subcall function 00402210: GlobalAlloc.KERNEL32(00000040,00000030,00000000,0040217B,?,?,?,?,?,?,?,?), ref: 0040223A
          • Part of subcall function 004025A0: #825.MFC42(?), ref: 004025B6
          • Part of subcall function 004025A0: #823.MFC42(00000000), ref: 004025CF
          • Part of subcall function 00402610: #540.MFC42 ref: 00402631
          • Part of subcall function 00402610: #540.MFC42 ref: 00402640
          • Part of subcall function 00402610: #540.MFC42 ref: 0040264E
          • Part of subcall function 00402610: #2818.MFC42(?,GfxLists\%s,?), ref: 00402667
          • Part of subcall function 00402610: #1168.MFC42 ref: 0040266F
          • Part of subcall function 00402610: #3521.MFC42(?,NumDef,00000000), ref: 00402684
          • Part of subcall function 00402610: #800.MFC42 ref: 00402698
          • Part of subcall function 00402610: #800.MFC42 ref: 004026A6
          • Part of subcall function 00402610: #800.MFC42 ref: 004026B7
          • Part of subcall function 0040C7F0: #3797.MFC42(?,00409A2B), ref: 0040C7F3
          • Part of subcall function 0040C7F0: GetDlgItem.USER32(?,00000000), ref: 0040C806
          • Part of subcall function 0040C7F0: #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
          • Part of subcall function 0040C7F0: #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
          • Part of subcall function 0040C7F0: #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
          • Part of subcall function 0040C630: #6197.MFC42(00000000,00000000,00000000,00000000,00000000,?), ref: 0040C676
        • #6197.MFC42(00000000,00000000,00000000,00000000,00000000,00000020,00000008,The Combox,00000000,00000000,00000078,00000022,000000FF,00000000,00000006,00000000), ref: 00413988
        • SendMessageA.USER32(?,0000102F,000000C8,00000000), ref: 004139A7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800$#6197#823AllocGlobal$#1168#2818#3521#3797#4284#4720#6215#6242#825ItemMessageSend
        • String ID: Colonna 0$Colonna 1$Colonna 2$Colonna 3$Image 1$Image 2$Image 3$The Combox$TheMainList
        • API String ID: 3093119053-3160562909
        • Opcode ID: 0d7e116d976a3ceaf95b9c42c612b9dedfac963abb67f16340a114a0ac8830bb
        • Instruction ID: be173d671467a1c0d92aaa73b0419ca8199545a579c13aa196bd0f9282e95cc1
        • Opcode Fuzzy Hash: 0d7e116d976a3ceaf95b9c42c612b9dedfac963abb67f16340a114a0ac8830bb
        • Instruction Fuzzy Hash: 8B41E9303C471176F53966624C5BF9D55015BA4F29FB0472EBB253E2C2CEED3A95428C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040469D
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004046B8
        • #3092.MFC42(000003F8), ref: 004046C5
        • #4123.MFC42(000003F8), ref: 004046CC
        • #6334.MFC42(00000001,000003F8), ref: 004046DD
        • #825.MFC42(?,00000001,000003F8), ref: 00404742
        • #823.MFC42(?,00000001,000003F8), ref: 00404755
        • #825.MFC42(?,00000001,000003F8), ref: 00404783
        • #823.MFC42(?,00000001,000003F8), ref: 00404796
        • lstrcpyA.KERNEL32(?,?), ref: 004047BA
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004047CF
        • SendMessageA.USER32(?,00000181,00000000,?), ref: 004047E5
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004047FB
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 0040480C
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#823#825$#3092#4123#6334lstrcpy
        • String ID:
        • API String ID: 2566407596-0
        • Opcode ID: 35b2f37e661f9f33f4aba666b0f8098ea2d1628576246a4dcfc551fb5f6d6a48
        • Instruction ID: 07b6ad3bbb86671c435e470879c1264a668ce6557a5b45f154f05534b8e4845d
        • Opcode Fuzzy Hash: 35b2f37e661f9f33f4aba666b0f8098ea2d1628576246a4dcfc551fb5f6d6a48
        • Instruction Fuzzy Hash: E841D1B47007016BD220DB34CC91FA7B3E9AB85304F148A2DE65A9B381DA35FC45C758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
        • InternetCloseHandle.WININET(00000000), ref: 10006861
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
        • InternetCloseHandle.WININET(00000000), ref: 10006929
        • InternetCloseHandle.WININET(00000000), ref: 1000692C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
        • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
        • API String ID: 3920785804-909499719
        • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
        • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
        • String ID: A
        • API String ID: 801014965-390959529
        • Opcode ID: 802509e6c35e8fc3480a6de3a9dd9f2c90ed713621ed25efa6cae7e4e4afb914
        • Instruction ID: 6fc03e221425299f9bff35cc58ee5bdd20ec16252789afcb9b9207824440d97e
        • Opcode Fuzzy Hash: 802509e6c35e8fc3480a6de3a9dd9f2c90ed713621ed25efa6cae7e4e4afb914
        • Instruction Fuzzy Hash: 4E41DEB4810708EFDB209FA1DC85AEA7BB8FB49320F20452FF85197391C7784881CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004035D1
        • #3092.MFC42(00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035DF
        • #4123.MFC42(00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035E6
        • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035F5
        • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035FC
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403611
        • #540.MFC42(?,?,?,?,?,?,00415B88,000000FF), ref: 00403622
        • #3803.MFC42(00000000,?,?,?,?,?,?,?,00415B88,000000FF), ref: 0040363B
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040364F
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 00403662
        • SendMessageA.USER32(?,00000181,-00000001,?), ref: 00403677
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403689
        • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 0040369A
        • #800.MFC42(?,?,?,?,?,?,00415B88,000000FF), ref: 004036AF
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800
        • String ID:
        • API String ID: 4043816869-0
        • Opcode ID: 62b9a37fe99eb9a5674a476eb871025e975c381c1dd4185e6368c3b5510919cb
        • Instruction ID: 696ec18e5fbdbcec3eec23283961f1a372e716ba85b5b625bcc778a32171051b
        • Opcode Fuzzy Hash: 62b9a37fe99eb9a5674a476eb871025e975c381c1dd4185e6368c3b5510919cb
        • Instruction Fuzzy Hash: C231A7713407407BE624DB768C96FDBB7EDFBC5B14F400A1DB2559B2C0DA78A9018758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Rect$#2864Parent$Invalidate$#2379#825CaptureEmptyReleaseUpdateWindow
        • String ID:
        • API String ID: 3105689944-0
        • Opcode ID: 36c1a64f0ec529c8e851d6d6a11afc657c7e538cb3bd9242fdc31f33c894f5ad
        • Instruction ID: 3eadf062b2506d23d9dddd76cc83797dd411d37536ad3682693906632b38f7fb
        • Opcode Fuzzy Hash: 36c1a64f0ec529c8e851d6d6a11afc657c7e538cb3bd9242fdc31f33c894f5ad
        • Instruction Fuzzy Hash: 34313A75200B049FD720DB26DC84FA7B7A9FB89704F14892EE58297780CB78F8419B28
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #470.MFC42 ref: 00407E02
        • SendMessageA.USER32 ref: 00407E1C
        • #2860.MFC42(00000000), ref: 00407E23
        • #5788.MFC42(00000000,00000000), ref: 00407E2D
        • GetClientRect.USER32(?,?), ref: 00407E3D
        • GetSysColor.USER32(00000005), ref: 00407E45
        • #2754.MFC42(00000000,00000000), ref: 00407E55
        • #5875.MFC42(00000001,00000000,00000000), ref: 00407E60
        • #540.MFC42(00000001,00000000,00000000), ref: 00407E6B
        • #3874.MFC42(?,00000001,00000000,00000000), ref: 00407E7C
        • #5875.MFC42(00000000), ref: 00407E9E
        • #5788.MFC42(00000000,00000000), ref: 00407EA8
        • #800.MFC42(00000000,00000000), ref: 00407EB6
        • #755.MFC42(00000000,00000000), ref: 00407EC7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #5788#5875$#2754#2860#3874#470#540#755#800ClientColorMessageRectSend
        • String ID:
        • API String ID: 883975206-0
        • Opcode ID: 6ce2c4b8bcafbecd102fa9f051a8bff160cd9f9c6567dcf0006c4ccf72847f9a
        • Instruction ID: 0881c0a840ad79570d244407091d4c054fec20e15dfb31a946ba789e19f53efb
        • Opcode Fuzzy Hash: 6ce2c4b8bcafbecd102fa9f051a8bff160cd9f9c6567dcf0006c4ccf72847f9a
        • Instruction Fuzzy Hash: BA217C32108B40AFC214EB61CC46FDBB3E8FB88714F104A1DB5A6932D1DB78A944CF56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessageSend
        • String ID:
        • API String ID: 389268762-0
        • Opcode ID: 3d834bd4d29e1cd80c3a7c7741d6b3a9530be08921314695cd817af25bc1d272
        • Instruction ID: 416cdc28b12b9400e015c67e8154715332b7d1fbd44f9ac8e21404b34fb08969
        • Opcode Fuzzy Hash: 3d834bd4d29e1cd80c3a7c7741d6b3a9530be08921314695cd817af25bc1d272
        • Instruction Fuzzy Hash: 93118FB2A00704EFC714BBB29D48CAB77A8EFCC3147048A6EF58587241DA78D8428F65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessagePost
        • String ID:
        • API String ID: 3939144538-0
        • Opcode ID: 0138f4c474f69832da159f243471fd52f2ec0f1a5aedc09605e52a9044fa2a86
        • Instruction ID: a6aac47cd38d46e145c0ee9467843a5d1996aec9897bc41982146c21bbe41a2c
        • Opcode Fuzzy Hash: 0138f4c474f69832da159f243471fd52f2ec0f1a5aedc09605e52a9044fa2a86
        • Instruction Fuzzy Hash: 83012EB6900704ABC620BBB69C45CAB77E8FBCC3147018E6EF45587241DA78E8428F65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040D783
        • #540.MFC42 ref: 0040D792
        • #3089.MFC42 ref: 0040D7CE
          • Part of subcall function 00410000: SendMessageA.USER32 ref: 00410046
          • Part of subcall function 00410000: #6907.MFC42(00000000,?,000000FF,00000000), ref: 00410059
          • Part of subcall function 00410000: SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 0041006D
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040D7E8
        • #3286.MFC42(00000000,?), ref: 0040D80A
        • #860.MFC42(?,00000000,?), ref: 0040D81B
        • SendMessageA.USER32(?,0000100C,00000000,00000002), ref: 0040D86D
        • #5981.MFC42 ref: 0040D87F
        • #540.MFC42 ref: 0040D8AD
        • #3089.MFC42 ref: 0040D8EE
        • #3286.MFC42(?,?), ref: 0040D917
        • #860.MFC42(?,?,?), ref: 0040D928
        • #800.MFC42(?,?,?,?,?,?,?), ref: 0040D981
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3089#3286#540#860$#5981#6907#800
        • String ID:
        • API String ID: 521315000-0
        • Opcode ID: 36e42d9ec16e0244ef896ccb25f52fbe562af923f68b5eb9355b1970a237a859
        • Instruction ID: 2fcfc281c1d0749d2d93b7404d812e7da1b225060a511b39ac9aa07039c5cfc2
        • Opcode Fuzzy Hash: 36e42d9ec16e0244ef896ccb25f52fbe562af923f68b5eb9355b1970a237a859
        • Instruction Fuzzy Hash: 99617FB06087409FC714EF56C880A6BBBE5FBC8B14F104A1EF5A597381CB78D845CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407BEA
        • #540.MFC42(?,?,?,?,00416108,000000FF), ref: 00407BFA
        • #3803.MFC42(00000000,?,?,?,?,?,00416108,000000FF), ref: 00407C0F
        • #4171.MFC42(00000000,?,?,?,?,?,00416108,000000FF), ref: 00407C18
        • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407C2B
        • #6311.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C31
        • #800.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C42
        • #4171.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C73
        • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407C89
        • #6311.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C91
        • #5981.MFC42(?,?,?,?,00416108,000000FF), ref: 00407BBA
          • Part of subcall function 00406560: GetClientRect.USER32(?,?), ref: 0040656F
          • Part of subcall function 00406560: InvalidateRect.USER32(?,?,00000001,?,?,00000000,?,00000000), ref: 004065A3
        • #5981.MFC42(?,?,?,?,00416108,000000FF), ref: 00407CBE
        • #5290.MFC42(?,?,?,?,?,00416108,000000FF), ref: 00407CEE
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#4171#5981#6311Rect$#3803#5290#540#800ClientInvalidate
        • String ID:
        • API String ID: 2697405086-0
        • Opcode ID: d38927745480dd28fcc5fd732de33871e2a2355540247c6d34f80002447b2240
        • Instruction ID: 8db650e57fb87165721bc15fd4944102db13c3176becebb480abc46006a58577
        • Opcode Fuzzy Hash: d38927745480dd28fcc5fd732de33871e2a2355540247c6d34f80002447b2240
        • Instruction Fuzzy Hash: CC418C72304A009FD224DF15D891FAAB3A5FBC4B20F00492EFA52877C1CB3AE805CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407A7B
        • IsWindow.USER32(?), ref: 00407A95
        • #5981.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407AA6
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407ACE
        • #540.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407ADE
        • #3803.MFC42(00000000,?,?,?,?,?,?,004160E8,000000FF), ref: 00407AF3
        • #4171.MFC42(00000000,?,?,?,?,?,?,004160E8,000000FF), ref: 00407AFC
        • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00407B0F
        • #6311.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B15
        • #800.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B26
        • #4171.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B39
        • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407B4F
        • #6311.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B57
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#4171#6311$#2379#3803#540#5981#800Window
        • String ID:
        • API String ID: 1959545760-0
        • Opcode ID: 24cc62f3ff54a8449bfc7e62a2a3b613b5b2ed56fd2829ba58f23af0ef65f817
        • Instruction ID: cfce2d2c104eac81aaa849079783a2e54d1241d4ab6f2c7c66a6d90d17161818
        • Opcode Fuzzy Hash: 24cc62f3ff54a8449bfc7e62a2a3b613b5b2ed56fd2829ba58f23af0ef65f817
        • Instruction Fuzzy Hash: 2C319C71304711ABC320EB65DC41FABB7A9FB88714F104A6EB656972C1CB38F801CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00408366
        • GetParent.USER32(?), ref: 0040837E
        • #2864.MFC42(00000000), ref: 00408385
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0040839A
        • #2860.MFC42(00000000), ref: 0040839D
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004083B2
        • #6199.MFC42(?), ref: 004083BA
        • #5981.MFC42(?), ref: 004083C1
        • #6134.MFC42(00000000,000000FF,?), ref: 004083CC
        • GetCursorPos.USER32(?), ref: 004083DD
        • ScreenToClient.USER32(?,?), ref: 004083EC
        • PostMessageA.USER32(?,00000201,00000000,?), ref: 0040841D
        • PostMessageA.USER32(?,00000202,00000000,?), ref: 00408444
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$PostSend$#2379#2860#2864#5981#6134#6199ClientCursorParentScreen
        • String ID:
        • API String ID: 3385793932-0
        • Opcode ID: aae1508c2075d44cf8d3cefba015964662f9db4db6e94e09ea49040c11348bc1
        • Instruction ID: 7c5f8338a5aadf6bc6e1cc0e3de88ad0686b23dfc432d154a509f70981585774
        • Opcode Fuzzy Hash: aae1508c2075d44cf8d3cefba015964662f9db4db6e94e09ea49040c11348bc1
        • Instruction Fuzzy Hash: 3A21E571610701ABEA24E774DC55FBB77A9EFC8710F108A3EF991972C0D978E800CA58
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4710.MFC42 ref: 00414928
          • Part of subcall function 0040FA00: #823.MFC42(00000014,?,?,?,004169EB,000000FF), ref: 0040FA2B
          • Part of subcall function 00402210: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040222E
          • Part of subcall function 00402210: GlobalAlloc.KERNEL32(00000040,00000030,00000000,0040217B,?,?,?,?,?,?,?,?), ref: 0040223A
          • Part of subcall function 004025A0: #825.MFC42(?), ref: 004025B6
          • Part of subcall function 004025A0: #823.MFC42(00000000), ref: 004025CF
          • Part of subcall function 00402610: #540.MFC42 ref: 00402631
          • Part of subcall function 00402610: #540.MFC42 ref: 00402640
          • Part of subcall function 00402610: #540.MFC42 ref: 0040264E
          • Part of subcall function 00402610: #2818.MFC42(?,GfxLists\%s,?), ref: 00402667
          • Part of subcall function 00402610: #1168.MFC42 ref: 0040266F
          • Part of subcall function 00402610: #3521.MFC42(?,NumDef,00000000), ref: 00402684
          • Part of subcall function 00402610: #800.MFC42 ref: 00402698
          • Part of subcall function 00402610: #800.MFC42 ref: 004026A6
          • Part of subcall function 00402610: #800.MFC42 ref: 004026B7
          • Part of subcall function 0040C7F0: #3797.MFC42(?,00409A2B), ref: 0040C7F3
          • Part of subcall function 0040C7F0: GetDlgItem.USER32(?,00000000), ref: 0040C806
          • Part of subcall function 0040C7F0: #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
          • Part of subcall function 0040C7F0: #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
          • Part of subcall function 0040C7F0: #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
          • Part of subcall function 0040C630: #6197.MFC42(00000000,00000000,00000000,00000000,00000000,?), ref: 0040C676
        • SendMessageA.USER32(000000FF,0000102F,000000C8,00000000), ref: 00414AD6
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800$#823AllocGlobal$#1168#2818#3521#3797#4284#4710#6197#6215#6242#825ItemMessageSend
        • String ID: Colonna 0$Colonna 1$Colonna 2$Colonna 3$Image 1$Image 2$Image 3$The Combox$TheDialogList
        • API String ID: 2277402770-3319858531
        • Opcode ID: 81e860d35504bf932eed5caa138392c3d0229e3298ef1eb2b36a763aed4008cb
        • Instruction ID: 2893507d3d3627270e5bab3132627538ef3e197090d2b8e97ee9b2963e26727d
        • Opcode Fuzzy Hash: 81e860d35504bf932eed5caa138392c3d0229e3298ef1eb2b36a763aed4008cb
        • Instruction Fuzzy Hash: A1417F703C471176F6246A228C5BF9E65419B94F18F700A2EFB153E2C2CAFE7589478D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401972
        • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 0040197F
        • #540.MFC42(?,?,00000000,00000000), ref: 00401996
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 004019CC
        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 004019E6
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401A04
        • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000), ref: 00401A33
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000), ref: 00401A58
        • #800.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 00401A7E
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401AAA
        Strings
        • Categoria: %s (%d element%c), xrefs: 004019C6
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007$#2818#540#800
        • String ID: Categoria: %s (%d element%c)
        • API String ID: 3038386888-3571718097
        • Opcode ID: 448111b3b23547297665b8ff52bc525bc126dc56790e5e6e8279de4907e31e0d
        • Instruction ID: 87d62f801f2460637964f90c88e523243ecd0f03fd2e19ce8ac88af5e0f5324e
        • Opcode Fuzzy Hash: 448111b3b23547297665b8ff52bc525bc126dc56790e5e6e8279de4907e31e0d
        • Instruction Fuzzy Hash: 0E41A3703403056BD324DF15CC82FA7B7A5FB89B24F20462DBA59AB3C1D774E9468B98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(?,?,?,?,?,00416FC8,000000FF), ref: 00414C3E
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
        • #860.MFC42(0041E71C,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414C62
        • #860.MFC42(0041E718,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414C77
        • lstrcpynA.KERNEL32(?,?,?), ref: 00414CE8
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414D04
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #860$#540#800MessageSendlstrcpyn
        • String ID: %d, %d$col 3 - item %d
        • API String ID: 3464979670-1575453508
        • Opcode ID: 2bf4730485b5756d093b17ab02da81ca8514affbe3bfd582e300c49465aa1b3b
        • Instruction ID: 19e689d9ab30b7f8e47f8269710f3a11b3dd490aa0afa492d86d6fab2276d26e
        • Opcode Fuzzy Hash: 2bf4730485b5756d093b17ab02da81ca8514affbe3bfd582e300c49465aa1b3b
        • Instruction Fuzzy Hash: C231A6754043009BD720DB12D941BEBB7E4EBD9B14F110E1FF89653390F73DA9858A9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID: Al$bad cast
        • API String ID: 3682899576-2818143712
        • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
        • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004044A2
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004044BB
        • #3092.MFC42(000003FA), ref: 004044C6
        • #4123.MFC42(000003FA), ref: 004044CD
        • #289.MFC42(?,000003FA), ref: 004044DF
        • #537.MFC42 ref: 004044F5
        • GetTextExtentPoint32A.GDI32(?,?,?,000003FA), ref: 0040450D
        • #800.MFC42 ref: 00404517
        • #6334.MFC42(00000001), ref: 00404520
        • #613.MFC42(00000001), ref: 0040455D
        Strings
        • AbCdEfGhIj MnOpQrStUvWxYz, xrefs: 004044E4
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#289#3092#4123#537#613#6334#800ExtentPoint32Text
        • String ID: AbCdEfGhIj MnOpQrStUvWxYz
        • API String ID: 3117280295-3477557351
        • Opcode ID: 3dcf5754866a66f289f4a14a5a8e0011251c420027a93cd97f70e65f3808359e
        • Instruction ID: 6ead9a95320f2e17585fe5a02b67da42463e539038b90bb64c08ae1ac89da54d
        • Opcode Fuzzy Hash: 3dcf5754866a66f289f4a14a5a8e0011251c420027a93cd97f70e65f3808359e
        • Instruction Fuzzy Hash: AB219F71640701ABD218EB29CC51FEAB3E9EBC8724F008A1DF55A9B2D0DB78A8458B55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 0040C699
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C6BB
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040C6D2
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C6E5
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040C703
        • #3293.MFC42(00000000,?,00000000), ref: 0040C714
        • EnableScrollBar.USER32(?,00000000,00000003), ref: 0040C73F
        • GetCursorPos.USER32(?), ref: 0040C746
        • ScreenToClient.USER32(?,?), ref: 0040C755
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?,?), ref: 0040C795
        • InvalidateRect.USER32(?,-00000001,00000001,-00000001,?,?), ref: 0040C7B7
        • InvalidateRect.USER32(?,00000001,00000001,00000001,?,?), ref: 0040C7DC
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: InvalidateRectScroll$EnableMessageSend$#2379#3293ClientCursorScreenShow
        • String ID:
        • API String ID: 2596560422-0
        • Opcode ID: e06e2fc00c76e843fc03f05a86c130b795a75290bae8b45935c027b5c34309be
        • Instruction ID: fa3d2c222b63dadede79ad366c5286aa8bc5a0bd86d1978c02626fdd7f42ae2d
        • Opcode Fuzzy Hash: e06e2fc00c76e843fc03f05a86c130b795a75290bae8b45935c027b5c34309be
        • Instruction Fuzzy Hash: D7412271244706AFD624DF64DC91FABB3E9FBC8B04F104A1DB285971C0EAB4F9068B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 00414695
        • #2864.MFC42(00000000), ref: 0041469C
        • #5981.MFC42(00000000), ref: 004146A7
        • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 004146C2
        • GetWindowRect.USER32(?,?), ref: 004146D1
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 0041470C
        • GetFocus.USER32 ref: 00414730
        • #2864.MFC42(00000000), ref: 00414737
        • #5981.MFC42(00000000), ref: 00414742
        • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 00414759
        • GetWindowRect.USER32(?,?), ref: 00414768
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 004147A3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Rect$#2864#5981FocusInvalidateMessageSendWindow
        • String ID:
        • API String ID: 17734095-0
        • Opcode ID: 8ac0a1d2beff1decac78ffe943ad60053df49a280ea632025abd9e1eed432d6f
        • Instruction ID: 03e7f711754475cf85f77b85fc3fcdbc04555e6b31efa9f765d59489b03bf76c
        • Opcode Fuzzy Hash: 8ac0a1d2beff1decac78ffe943ad60053df49a280ea632025abd9e1eed432d6f
        • Instruction Fuzzy Hash: E2313D79604301AFD724DF68D988BEBB7E4FBC9B04F14891EB49987280D774E8408B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,004161E8,000000FF,004082DC), ref: 00408751
        • #3874.MFC42 ref: 00408765
        • GetParent.USER32(?), ref: 004087B0
        • #2864.MFC42(00000000), ref: 004087B3
        • #3089.MFC42(00000000), ref: 004087C1
        • GetParent.USER32(?), ref: 00408806
        • #2864.MFC42(00000000), ref: 00408809
        • GetParent.USER32(?), ref: 00408814
        • #2864.MFC42(00000000), ref: 00408817
        • #3089.MFC42(00000000), ref: 00408820
        • SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408831
        • #800.MFC42 ref: 00408843
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#3874#540#800MessageSend
        • String ID:
        • API String ID: 3277556153-0
        • Opcode ID: 9ecc2e343a57f6c9b9bccfcb271e0fb3ed7aef3b58fc4218f23aa3b3561ccd90
        • Instruction ID: 7e9e1338364652756a18548eb393c519231e6f42391e95960905e0b5ac38a4cb
        • Opcode Fuzzy Hash: 9ecc2e343a57f6c9b9bccfcb271e0fb3ed7aef3b58fc4218f23aa3b3561ccd90
        • Instruction Fuzzy Hash: 86318DB56047419FC310DF65C995A9BBBE5FB89314F148A2EF9E983380DB38E805CB45
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
        • memset.MSVCR100 ref: 10005BD1
        • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
        • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
        • _mbscmp.MSVCR100 ref: 10005C39
        • lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C67
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C84
        • ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: FreeMemory$??2@??3@EnumerateInformationQuerySessionSessions_mbscmplstrcpymemset
        • String ID: system
        • API String ID: 2835183911-3377271179
        • Opcode ID: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction ID: d08ab42cfd6b18e12b5412b75c8ea3aae0022bfd40c742a0170e7af3aa65547d
        • Opcode Fuzzy Hash: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction Fuzzy Hash: FF31A1B5A00219AFEB10CF90CCC8DAFBBB8FF44711F108119E915A3244D730AA51CBA1
        Uniqueness

        Uniqueness Score: -1.00%
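The routine at 10005BBD in the module mapped at 0x10000000 enumerates terminal-server sessions (WTSEnumerateSessionsA with WTS_CURRENT_SERVER_HANDLE), queries each session's user name (WTSQuerySessionInformationA with WTS_INFO_CLASS 5 = WTSUserName), compares it with _mbscmp and copies the literal "system" into a buffer before releasing the WTSAPI32 allocations. The Python below is an added example and is not part of the Joe Sandbox report: it parses trace lines in exactly the form rendered above (bullet, optional "Part of subcall function" prefix, API.MODULE(args), ref address) and flags that session-enumeration chain. The sample input is the block's own lines; the WTS_INFO_CLASS and MEM_* tables cover only the constants the example needs.

```python
"""Parse Joe Sandbox 'APIs' trace lines, as rendered in this report, and flag the
terminal-session enumeration pattern of the routine at 10005BBD (module at 0x10000000)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the trace lines of the WTSAPI32 routine copied from the
# block above. "?" is the plugin's placeholder for an argument it could not resolve.
SAMPLE_TRACE = """
• ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
• memset.MSVCR100 ref: 10005BD1
• WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
• WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
• _mbscmp.MSVCR100 ref: 10005C39
• lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
• WTSFreeMemory.WTSAPI32(?), ref: 10005C67
• WTSFreeMemory.WTSAPI32(?), ref: 10005C84
• ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
"""

# One trace line: optional bullet, optional "Part of subcall function XXXXXXXX:" prefix,
# then API.MODULE, an optional parenthesised argument list and the call-site address.
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>.+?)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                     # raw argument strings exactly as printed
    ref: int                       # address of the call instruction
    caller: Optional[int] = None   # set for "Part of subcall function" lines


def parse_arg(raw: str) -> Optional[int]:
    """Hex argument as printed by the plugin -> int; None for '?' and string literals."""
    m = re.fullmatch(r"(-?)([0-9A-Fa-f]{8})", raw)
    if not m:
        return None
    value = int(m.group(2), 16)
    return -value if m.group(1) else value


def parse_trace(text: str) -> list[ApiCall]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised trace line: {line!r}")
        args = m.group("args")
        calls.append(ApiCall(
            api=m.group("api"), module=m.group("module"),
            args=[a.strip() for a in args.split(",")] if args else [],
            ref=int(m.group("ref"), 16),
            caller=int(m.group("caller"), 16) if m.group("caller") else None))
    return calls


# Only the constants this example needs (WTS_INFO_CLASS from wtsapi32.h, MEM_* from winnt.h).
WTS_INFO_CLASS = {0: "WTSInitialProgram", 1: "WTSApplicationName", 2: "WTSWorkingDirectory",
                  3: "WTSOEMId", 4: "WTSSessionId", 5: "WTSUserName", 6: "WTSWinStationName",
                  7: "WTSDomainName", 8: "WTSConnectState", 9: "WTSClientBuildNumber",
                  10: "WTSClientName"}
MEM_FREE_TYPE = {0x4000: "MEM_DECOMMIT", 0x8000: "MEM_RELEASE"}
STRING_COMPARES = {"_mbscmp", "_mbsicmp", "strcmp", "_stricmp", "lstrcmp", "lstrcmpi"}


def base_name(api: str) -> str:
    """Drop the ANSI/Unicode suffix so 'WTSEnumerateSessionsA' and '...W' match alike."""
    return re.sub(r"[AW]$", "", api)


def decode_call(call: ApiCall) -> Optional[str]:
    """Name the argument of interest for the APIs this example knows about."""
    name = base_name(call.api)
    if name == "WTSQuerySessionInformation" and len(call.args) > 2:
        cls = parse_arg(call.args[2])          # WTS_INFO_CLASS WTSInfoClass
        return None if cls is None else WTS_INFO_CLASS.get(cls, f"WTS_INFO_CLASS({cls})")
    if name == "VirtualFree" and len(call.args) > 2:
        kind = parse_arg(call.args[2])         # DWORD dwFreeType
        return None if kind is None else MEM_FREE_TYPE.get(kind, f"dwFreeType=0x{kind:X}")
    return None


def find_session_enumeration(calls: list[ApiCall]) -> Optional[dict]:
    """Flag WTSEnumerateSessions -> WTSQuerySessionInformation(WTSUserName) -> string compare,
    in that order, and collect the string literals the routine uses (here: "system")."""
    enum_ref = query_ref = cmp_ref = None
    for c in calls:
        name = base_name(c.api)
        if name == "WTSEnumerateSessions":
            enum_ref = c.ref
        elif (name == "WTSQuerySessionInformation" and enum_ref is not None
              and decode_call(c) == "WTSUserName"):
            query_ref = c.ref
        elif name in STRING_COMPARES and query_ref is not None:
            cmp_ref = c.ref
    if cmp_ref is None:
        return None
    literals = [a for c in calls for a in c.args if a != "?" and parse_arg(a) is None]
    return {"enumerate": enum_ref, "query_user": query_ref, "compare": cmp_ref,
            "literals": literals}


if __name__ == "__main__":
    print("session/user enumeration:", find_session_enumeration(parse_trace(SAMPLE_TRACE)))
```

The rule deliberately requires the three calls in trace order, because WTSQuerySessionInformation on its own is common in benign service code; the literal strings are returned alongside the call sites so an analyst can confirm what the routine compares against without opening the dump.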

        APIs
        • #4710.MFC42 ref: 00402F0E
        • #540.MFC42(?,?,?,?,?,?,00415B10,000000FF), ref: 00402F44
        • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 00402F7D
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00402FCF
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 00402FE9
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 00402FF7
        • #540.MFC42(?,?,?,?,?,?,?,00415B10,000000FF), ref: 00403044
        • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 0040307C
        • SendMessageA.USER32(?,00000180,00000000,00000000), ref: 004030CE
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004030E8
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 004030F6
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#540#800#860$#4710
        • String ID:
        • API String ID: 3386122782-0
        • Opcode ID: accb93b4d4534babb3c33df265153e75899ebeeddc23ea462ef3d0e6416893cf
        • Instruction ID: 0e1bbe4d6bf82e6f399bf355421bbbbf0538587b7e608849e9b5efe81bae2a50
        • Opcode Fuzzy Hash: accb93b4d4534babb3c33df265153e75899ebeeddc23ea462ef3d0e6416893cf
        • Instruction Fuzzy Hash: 0961F0742003069BC310DF25C860BA3B7E5BF99714F148A6DF8969B3D1DB39E806C798
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(00000064), ref: 10002D1D
        • CloseHandle.KERNEL32(?), ref: 10002D33
        • CloseHandle.KERNEL32(?), ref: 10002D3D
        • CloseHandle.KERNEL32(?), ref: 10002D47
        • WSACleanup.WS2_32 ref: 10002D49
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: FreeVirtual$CloseHandle$CleanupSleep
        • String ID:
        • API String ID: 21600312-0
        • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
        • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,1D7EE358,00000000,00000000,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast), ref: 10009C09
        • _CxxThrowException.MSVCR100(?,10013774), ref: 10009C18
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,10013774), ref: 10009C28
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 10009C2F
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowstd::locale::facet::_
        • String ID: bad cast
        • API String ID: 3754268192-3145022300
        • Opcode ID: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction ID: 8e14b074035db8c01746d2bfa9994902538dc9c994fd8b17045a7e04c907522a
        • Opcode Fuzzy Hash: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction Fuzzy Hash: CA31D2B6904124AFEB14CF54DD84A9EB7B8FB043B0F518259ED26A73A1DB30ED40CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42(0041E8F0), ref: 004139FF
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
        • #860.MFC42(0041E71C,?,0041E8F0), ref: 00413A20
        • #860.MFC42(0041E718,?,0041E8F0), ref: 00413A36
        Strings
        • %d, %d, xrefs: 00413A96
        • ma perche' non funziona ? non riesco a capire, porcaccia miseria %d, xrefs: 00413A7D
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #860$MessageSend
        • String ID: %d, %d$ma perche' non funziona ? non riesco a capire, porcaccia miseria %d
        • API String ID: 272421880-2169086710
        • Opcode ID: b2bc011f5c63b3e8fde4b36ee62048f241c21c3b432790215cd8286b61180210
        • Instruction ID: 9e6ede3ad9f4941932dc250fe1f6dc5eeb94d8e47c614b05bddc7eca871c35c0
        • Opcode Fuzzy Hash: b2bc011f5c63b3e8fde4b36ee62048f241c21c3b432790215cd8286b61180210
        • Instruction Fuzzy Hash: 5601E537B04210669850F51AB802FDF5345DAE4B21F200C2BF54297282D68C5DD742FE
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1D7EE358,0000002D,?,00000000,?), ref: 1000BFAD
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,1D7EE358,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 1881732901-0
        • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
        • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,00000001,00000001,?,10003B03), ref: 10003E05
        • LeaveCriticalSection.KERNEL32(?,?,10003B03), ref: 10003E50
        • send.WS2_32(10003B03,?,?,00000000), ref: 10003E6E
        • EnterCriticalSection.KERNEL32(?), ref: 10003E81
        • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
        • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003EBC
        • WSAGetLastError.WS2_32(?,10003B03), ref: 10003EC7
        • EnterCriticalSection.KERNEL32(?,?,10003B03), ref: 10003EDB
        • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
        • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003F51
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
        • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
          • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
          • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
          • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
        • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
        • _beginthreadex.MSVCR100 ref: 10003615
        • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
        • SetLastError.KERNEL32(00000000), ref: 10003661
        • GetLastError.KERNEL32 ref: 10003679
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • SetLastError.KERNEL32(00000000), ref: 10003689
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
        • String ID:
        • API String ID: 2811472597-0
        • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
        • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D), ref: 10004D63
        • EnterCriticalSection.KERNEL32(?), ref: 10004D78
        • WSASetLastError.WS2_32(00002746), ref: 10004D8A
        • LeaveCriticalSection.KERNEL32(?), ref: 10004D91
        • timeGetTime.WINMM ref: 10004DBF
        • timeGetTime.WINMM ref: 10004DE7
        • SetEvent.KERNEL32(?), ref: 10004E25
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
        • LeaveCriticalSection.KERNEL32(?), ref: 10004E38
        • LeaveCriticalSection.KERNEL32(?), ref: 10004E4B
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
        • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 1000375F
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10003798
        • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100037B5
        • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100037C8
        • WSACreateEvent.WS2_32 ref: 100037CA
        • gethostbyname.WS2_32(?), ref: 100037D4
        • htons.WS2_32(?), ref: 100037ED
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 1000380B
        • connect.WS2_32(?,?,00000010), ref: 10003820
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 1000382F
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 2147236057-0
        • Opcode ID: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction ID: 832f1b8ff29030e8bf453c954313f24a602478d3b057f428ca850e8eb3ef4c46
        • Opcode Fuzzy Hash: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction Fuzzy Hash: B0312AB1A00319AFE710DFA4CC85E7FB7B8FB48760F108619F622972D0DA75EA158B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10004443
        • ResetEvent.KERNEL32(?), ref: 1000444C
        • timeGetTime.WINMM ref: 1000444E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
        • ResetEvent.KERNEL32(?), ref: 100044C8
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • ResetEvent.KERNEL32(?), ref: 100044DC
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 542259498-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • PtInRect.USER32(?,?,?), ref: 00411D72
        • ReleaseCapture.USER32 ref: 00411D80
        • #6215.MFC42(00000000), ref: 00411D8A
        • ClientToScreen.USER32(?,?), ref: 00411D98
        • WindowFromPoint.USER32(?,?), ref: 00411DA8
        • #2864.MFC42(00000000), ref: 00411DAF
        • SendMessageA.USER32(?,00000084,00000000,?), ref: 00411DE1
        • ScreenToClient.USER32(?,?), ref: 00411DF5
        • PostMessageA.USER32(?,00000200,?,?), ref: 00411E22
        • PostMessageA.USER32(?,000000A0,00000000,?), ref: 00411E51
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$ClientPostScreen$#2864#6215CaptureFromPointRectReleaseSendWindow
        • String ID:
        • API String ID: 2212727604-0
        • Opcode ID: 7d4373d860bd0bff0353ee0e80281f8ed34d9b8c302007103ec784144add69fa
        • Instruction ID: 65d3540d572290dc8e8e7abde01ab7ff959d86298a5a24645ee68ad796840dd3
        • Opcode Fuzzy Hash: 7d4373d860bd0bff0353ee0e80281f8ed34d9b8c302007103ec784144add69fa
        • Instruction Fuzzy Hash: 4D212CB2604702AFE314DB64DC45EBBB3A9FBC9710F148A3DF66183680DB74E8058B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(00000000,?,00000000,?,00000000,00000000,?,?,?,?,?,00000000), ref: 0040E7A1
        • #2818.MFC42 ref: 0040E7BD
        • SendMessageA.USER32(?,00001203,?,?), ref: 0040E7E6
        • #4171.MFC42 ref: 0040E802
        • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040E825
        • #6311.MFC42 ref: 0040E82B
        • #800.MFC42 ref: 0040E83C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#2818#4171#540#6311#800
        • String ID: %d_
        • API String ID: 2501914315-998424543
        • Opcode ID: e13109731b13dc81358fae85d8a0ed370a25a2acfac89c727dc0535e64b2ade5
        • Instruction ID: 30fdfb81188390aa47a7274450003a84f5298988f9682049873e1f4bd2872624
        • Opcode Fuzzy Hash: e13109731b13dc81358fae85d8a0ed370a25a2acfac89c727dc0535e64b2ade5
        • Instruction Fuzzy Hash: 5F21E875508780AFD310DF59D881E9BF7E4FBC9724F108A1EF5A983280D774A905CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: lstrlenmemset$??2@gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1496828540-2058306683
        • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
        • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #324.MFC42(00000082,?,?,?,?,?,?,?,00416F94,000000FF,00414516,00000000), ref: 0041481A
        • #384.MFC42(00000082,?), ref: 0041482C
        • #384.MFC42(00000082,?), ref: 0041483B
          • Part of subcall function 00409360: #567.MFC42 ref: 00409382
          • Part of subcall function 00409360: #540.MFC42 ref: 0040940B
          • Part of subcall function 00409360: #384.MFC42 ref: 0040943B
          • Part of subcall function 00409360: GetSysColor.USER32(00000008), ref: 00409497
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094A1
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094AB
          • Part of subcall function 00409360: GetSysColor.USER32(0000000D), ref: 004094B5
          • Part of subcall function 00409360: GetSysColor.USER32(00000003), ref: 004094BF
          • Part of subcall function 00409360: GetSysColor.USER32(0000000F), ref: 004094C9
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 004094D9
          • Part of subcall function 00409360: #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 0040950E
        • #2097.MFC42(00000086,00000010,00000000,00FF00FF,00000082), ref: 00414878
        • #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041488D
        • #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041489D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Color$#384$#2097#823$#2243#324#472#540#567
        • String ID: TA$Times New Roman
        • API String ID: 38881361-2591298183
        • Opcode ID: a406a15864a2363815616b8ce2469ebf1a2deabd326eb26d11c3b2c0324dd914
        • Instruction ID: 2bf692fb0ee0bc1fbbb3a116274d897e30aec38213a2b893b30cc859ce00c935
        • Opcode Fuzzy Hash: a406a15864a2363815616b8ce2469ebf1a2deabd326eb26d11c3b2c0324dd914
        • Instruction Fuzzy Hash: F711B671384B41EBE311DF16C842B9AB794EB84B18F00491EF5911B3C2CBBDA5488B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,1D7EE358,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,1D7EE358,?,74DF2F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
        • String ID:
        • API String ID: 2486110213-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3797.MFC42 ref: 0040C329
        • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040C34C
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C361
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C378
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C38B
        • #3293.MFC42(00000000,?,00000000), ref: 0040C3B4
        • PtInRect.USER32(?,?,?), ref: 0040C3D6
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040C3F6
        • GetClientRect.USER32(?,?), ref: 0040C44C
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#3797Client
        • String ID:
        • API String ID: 3796748647-0
        • Opcode ID: bb97c3f7b87146a16a2bd0954ce0c9c3d4c939cb8cc9bfd89a70c7467e3b6705
        • Instruction ID: e2a8c47e10e70cb08fe8a4a1788704d3dfadbd7f823f7166ba5f8f2836e34f88
        • Opcode Fuzzy Hash: bb97c3f7b87146a16a2bd0954ce0c9c3d4c939cb8cc9bfd89a70c7467e3b6705
        • Instruction Fuzzy Hash: C04148712043059BC314CF29DCC1F6AB7E5FBC8704F104A2EF589DB281E674E9428B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3910.MFC42(?,?,00000000,75BF3EB0,?,00000000,?,?,?), ref: 0040CAF8
        • GetWindowLongA.USER32(?,000000F0), ref: 0040CB13
        • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040CB3F
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040CB54
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CB69
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CB7E
        • #3293.MFC42(00000000,?,00000000,?,?,00000000,75BF3EB0,?,00000000,?,?,?), ref: 0040CBA1
        • PtInRect.USER32(?,00000000,?), ref: 0040CBB2
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CBD2
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3293#3910LongRectWindow
        • String ID:
        • API String ID: 3992863169-0
        • Opcode ID: 46616b84b279fa267487c12ad05616f5ef0713c59b269fc0d12aec00cf5bd485
        • Instruction ID: 2469fe7d0211dde195add33a7aa0be789a922c66ee08035144461f5b6f68c818
        • Opcode Fuzzy Hash: 46616b84b279fa267487c12ad05616f5ef0713c59b269fc0d12aec00cf5bd485
        • Instruction Fuzzy Hash: C6416D72344311ABD314DB29DC82F6BB7E4EB88710F54462AF694EB2C1DB74E8058B99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(?), ref: 00412835
        • #1175.MFC42 ref: 00412851
        • #289.MFC42(00000000), ref: 0041286A
        • #2860.MFC42(?,?,00000000), ref: 00412880
        • #5788.MFC42(00000000,?,?,00000000), ref: 0041288A
        • GetTabbedTextExtentA.USER32(?,?,?,00000000,00000000), ref: 004128A3
        • #5788.MFC42(00000000,?,00000000), ref: 0041292F
        • #613.MFC42(00000000,?,00000000), ref: 0041293D
        • #800.MFC42(?,00000000), ref: 00412961
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #5788$#1175#2860#289#537#613#800ExtentTabbedText
        • String ID:
        • API String ID: 2367858267-0
        • Opcode ID: 7ab906c1582ff08a3d3683eb2643f85a5a498c42d6453c0faec1b927f4ebdf65
        • Instruction ID: 0d1684629ccb6b3457967a4439a5b3894e2ee7433c75f2001980a8011b125686
        • Opcode Fuzzy Hash: 7ab906c1582ff08a3d3683eb2643f85a5a498c42d6453c0faec1b927f4ebdf65
        • Instruction Fuzzy Hash: 945127B56047419FC314DF29C984BABB7E4FB88714F004A2EF5A6C7290D778E944CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsChild.USER32(?,?), ref: 0040750B
        • #2379.MFC42(?,?,00416048,000000FF), ref: 00407517
        • #540.MFC42(?,?,00416048,000000FF), ref: 00407520
        • #3874.MFC42(?,?,?,00416048,000000FF), ref: 00407534
        • #4171.MFC42(?,?,?,00416048,000000FF), ref: 0040753D
        • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407551
        • #6311.MFC42(?,?,00416048,000000FF), ref: 0040755B
        • #858.MFC42(?,?,?,00416048,000000FF), ref: 00407568
        • #800.MFC42(?,?,00416048,000000FF), ref: 0040758E
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2379#3874#4171#540#6311#800#858ChildMessageSend
        • String ID:
        • API String ID: 421972520-0
        • Opcode ID: c32a3dce1588ecb4255d905a7300fb92fe6bb3ea6ff74e786d6294ac9ec5c229
        • Instruction ID: c4d36eb5357b1e268129fe855134a09c69f5ef8fe81d0dce456d3e5d315ebacb
        • Opcode Fuzzy Hash: c32a3dce1588ecb4255d905a7300fb92fe6bb3ea6ff74e786d6294ac9ec5c229
        • Instruction Fuzzy Hash: D23149712047019BC314DF24E981BAAB3E5FB88B08F10492DF4469B6D1DB78E809CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #823lstrcpylstrlen
        • String ID:
        • API String ID: 44751579-0
        • Opcode ID: c831197e19e86c33db242e401afa627c7abecd44246c64530166022ba3cfb408
        • Instruction ID: 10bd4a9e0709d7c02b42896409628c88f9decdd0c53d3bc5eddff358048a5630
        • Opcode Fuzzy Hash: c831197e19e86c33db242e401afa627c7abecd44246c64530166022ba3cfb408
        • Instruction Fuzzy Hash: 10211DB29047009FD320DF39DC8492BB7E8EB89320B054A2EE49AD3790DB34E945CB65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@$free
        • String ID:
        • API String ID: 2241099983-0
        • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
        • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
        • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
        • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
        • SetLastError.KERNEL32(0000139F), ref: 10004CD9
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
        • LeaveCriticalSection.KERNEL32(00000002), ref: 10004CE9
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
        • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #324.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403A97
        • #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AA9
        • #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AC1
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AD9
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AEB
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AFD
        • #860.MFC42(0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B14
        • #860.MFC42(0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B20
        • #860.MFC42(0041E8F0,0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B34
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#860$#567$#324
        • String ID:
        • API String ID: 1158441897-0
        • Opcode ID: a95bb519680eb604d2f87f4b78b479bec0c8b616c4a3ed5e9557a7423abf3768
        • Instruction ID: b11bbe5b9f5008c842b7bd9153e46446511a7b11a8cf9a04ee6a4d62c60e8a43
        • Opcode Fuzzy Hash: a95bb519680eb604d2f87f4b78b479bec0c8b616c4a3ed5e9557a7423abf3768
        • Instruction Fuzzy Hash: 12218E71644B819EC311EF2688417EBFBD5ABC5704F00491EF49617382CBBD654A8BAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memmove.MSVCR100 ref: 1000753B
        • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,1D7EE358), ref: 10007636
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,1D7EE358), ref: 10007664
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1D7EE358), ref: 1000766F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
        • String ID: invalid string position$string too long
        • API String ID: 2621357903-4289949731
        • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
        • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
        • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004036E7
        • #1200.MFC42(E' necessario inserire almeno una colonna ..,00000000,00000000), ref: 004036FA
        • #823.MFC42 ref: 00403716
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040373A
        • #825.MFC42(?), ref: 00403763
        • #4853.MFC42 ref: 0040377D
        Strings
        • E' necessario inserire almeno una colonna .., xrefs: 004036F5
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#1200#4853#823#825
        • String ID: E' necessario inserire almeno una colonna ..
        • API String ID: 2659078600-2295075096
        • Opcode ID: 4781e0968b0dcd13aeb482b9cc4d105c7bbd43574a8595e645961413ec56c0a5
        • Instruction ID: 0f66f446edcbd5c05381457d29a633b2db351b7f562a6bfb851817a616f67f4c
        • Opcode Fuzzy Hash: 4781e0968b0dcd13aeb482b9cc4d105c7bbd43574a8595e645961413ec56c0a5
        • Instruction Fuzzy Hash: 3711DCF5600304ABD710EF18EC81BA77BA8FB84711F04456DFC05AB381EB79E9058BA6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #567.MFC42(?,?,00000000), ref: 00411891
        • #1168.MFC42(?,?,00000000), ref: 004118A2
        • GetClassInfoA.USER32(?,ZGfxListTip,?), ref: 004118B5
        • LoadCursorA.USER32 ref: 004118E7
        • #1232.MFC42(?,?,?,?,?,?,?,00007F00), ref: 0041190A
        • #1270.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00411913
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1168#1232#1270#567ClassCursorInfoLoad
        • String ID: ZGfxListTip
        • API String ID: 3069537701-2764869995
        • Opcode ID: c1777f902a1098fee9250ff0f01ecdb461a496c282bbc71f2766432ac85010e8
        • Instruction ID: 15696b2da03ed55e506b20e7cfda967e3baed51a129acc1d47ed1798fc33c382
        • Opcode Fuzzy Hash: c1777f902a1098fee9250ff0f01ecdb461a496c282bbc71f2766432ac85010e8
        • Instruction Fuzzy Hash: 72116DB0508341AFC300DF5AC880A9BFBE9FBC8768F50892EF45893350D7788545CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 00413D02
        • #3286.MFC42(00000000,?,?,00416E48,000000FF), ref: 00413D13
        • #540.MFC42(00000000,?,?,00416E48,000000FF), ref: 00413D1E
        • #2818.MFC42(?,Click on %d,00000000,00000000,?,?,00416E48,000000FF), ref: 00413D36
        • #1200.MFC42(?,00000000,00000000), ref: 00413D47
        • #800.MFC42 ref: 00413D58
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #1200#2818#3286#540#800MessageSend
        • String ID: Click on %d
        • API String ID: 2456865281-2511729816
        • Opcode ID: 7471b7a4a0cdeabb8f4b66725cab824301a363703fe0a4d97d2e33f68902281a
        • Instruction ID: 7b562fa9a00aa8c1639aa191ac600279ad2aa7481a4e90da7094ea3b6e504851
        • Opcode Fuzzy Hash: 7471b7a4a0cdeabb8f4b66725cab824301a363703fe0a4d97d2e33f68902281a
        • Instruction Fuzzy Hash: 57019E71544741ABD210EF25DC42F86B7E4AB98B20F104B1EB465972D1CBB89548CAAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,1D7EE358,?,1D7EE358,10008EF2), ref: 1000A71D
          • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,1D7EE358,?,1D7EE358,10008EF2), ref: 1000A740
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,1D7EE358), ref: 1000A76E
          • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
          • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
        • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
        • memmove.MSVCR100 ref: 100093D6
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
        • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
        • String ID:
        • API String ID: 666130115-0
        • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
        • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4710.MFC42 ref: 00403CCC
        • #823.MFC42(00000014), ref: 00403CD3
        • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403D3E
        • #860.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403D7D
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403DCF
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403DDF
        • #800.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403DF9
          • Part of subcall function 004020F0: #823.MFC42(?), ref: 0040211C
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 00403E35
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#823$#4710#540#800#860
        • String ID:
        • API String ID: 3628477057-0
        • Opcode ID: 85ff917d9771cb3a6253b16578ae39e37bcee1db4435756c7805e6d182fb84aa
        • Instruction ID: f4154b68333de44a4d6738775d707b59bab23b6c0a68860ccea144a1f20cd1fc
        • Opcode Fuzzy Hash: 85ff917d9771cb3a6253b16578ae39e37bcee1db4435756c7805e6d182fb84aa
        • Instruction Fuzzy Hash: 9D41DD71604702ABD314CF29C851B97BBE9BF88710F148A2EF459A73D1DB38E905CB99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
        • LoadLibraryA.KERNEL32(?), ref: 10005F20
        • GetProcessHeap.KERNEL32(00000000,FFFC66E8,8B068BFF), ref: 10005F46
        • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
        • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
        • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
        • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
        • String ID:
        • API String ID: 1153753045-0
        • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
        • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040459B
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004045B4
        • #3092.MFC42(000003F9), ref: 004045BF
        • #4123.MFC42(000003F9), ref: 004045C6
        • #6334.MFC42(00000001,?,000003F9), ref: 004045D8
        • #825.MFC42(?,?,000003F9), ref: 00404630
        • #823.MFC42(?,?,000003F9), ref: 00404643
        • lstrcpyA.KERNEL32(?,?), ref: 00404667
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092#4123#6334#823#825lstrcpy
        • String ID:
        • API String ID: 591287354-0
        • Opcode ID: 9d83ee4001013159810d6786fa0c60dfd91ca5339e5491b1e8d84eee6b67ee24
        • Instruction ID: 80a17df4763ab70293e66287aa8ac1744220159da8843299787d972ab8e78dbb
        • Opcode Fuzzy Hash: 9d83ee4001013159810d6786fa0c60dfd91ca5339e5491b1e8d84eee6b67ee24
        • Instruction Fuzzy Hash: 642126B57402456FE610DB35DC91FD373D9AFC5308F144A2AEA8ADB381E63AE846C784
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F0D
        • #4129.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F37
        • _stricmp.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F40
        • #800.MFC42 ref: 00406F4E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F64
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F7E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406FA4
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406FB5
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800$#4129#535_stricmp
        • String ID:
        • API String ID: 2166634664-0
        • Opcode ID: a2544addb05cbb343c3a36800a0f85c9739398498a95d4b94165328b8eba2de4
        • Instruction ID: d8acbc85a40bec6364da642e4d39954ebcb2075cf28dffaba8d871201deb4516
        • Opcode Fuzzy Hash: a2544addb05cbb343c3a36800a0f85c9739398498a95d4b94165328b8eba2de4
        • Instruction Fuzzy Hash: 3D3163311046418FC308DF25D450A9AF7E4BBD8328F05472EF8AA973D0DB38EA46CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 10003F65
        • SetLastError.KERNEL32(0000139F,?,74DEDFA0,10003688), ref: 10004054
          • Part of subcall function 10002BA0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 10002BB6
          • Part of subcall function 10002BA0: SwitchToThread.KERNEL32 ref: 10002BCA
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • SetEvent.KERNEL32(?), ref: 10003FE9
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • WSACloseEvent.WS2_32(?), ref: 10004003
        • shutdown.WS2_32(?,00000001), ref: 1000401B
        • closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 3254528666-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: 33fc8edb3bfa16432b1da941d8e6096b20875d7008fd88c2fc111e4d4adde92b
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: 392148B56007109BE321DF64C888B5BB7F9FB88791F11891CF28297690CBB9F855CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004074
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004087
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004090
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004099
          • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100015D0
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040B9
        • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040D4
        • SetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004150
        • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004157
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
        • String ID:
        • API String ID: 2266972149-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040483C
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00404857
        • #3092.MFC42(000003F7), ref: 00404862
        • #4123.MFC42(000003F7), ref: 00404869
        • #6334.MFC42(00000001,000003F7), ref: 0040488A
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040489E
        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004048B2
        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004048C3
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092#4123#6334
        • String ID:
        • API String ID: 515758084-0
        • Opcode ID: 27b31aaaff9f665add95ec845b9ca41f1870026e38080ae08df8bffc08f5618d
        • Instruction ID: de6e141658dd753b76600b78e70d0aba036306c2008a0927bc5dedbedfe20fd0
        • Opcode Fuzzy Hash: 27b31aaaff9f665add95ec845b9ca41f1870026e38080ae08df8bffc08f5618d
        • Instruction Fuzzy Hash: 4B2183753407056BE724EA69CC81FE7B399ABC0708F10461DE645AF2D1DAB4F845C794
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #825.MFC42(?,?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?), ref: 00411FFB
        • GlobalFree.KERNEL32(?), ref: 0041200F
        • GlobalFree.KERNEL32(?), ref: 0041201C
        • DeleteObject.GDI32(?), ref: 0041202C
        • DeleteObject.GDI32(?), ref: 00412036
        • #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412040
        • #686.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 0041204D
        • #2438.MFC42(?,75C63E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,75C63E40,?,?,00000000,?,?,?), ref: 00412062
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #686DeleteFreeGlobalObject$#2438#825
        • String ID:
        • API String ID: 3662887312-0
        • Opcode ID: 5658109318eb20d28c80caa61ffefc894172925bd88b9a1b815ca946d33af6bc
        • Instruction ID: ce5e02abcbc0d965e706e58c96035ad2eb770dd755496af3e099d46372b212d0
        • Opcode Fuzzy Hash: 5658109318eb20d28c80caa61ffefc894172925bd88b9a1b815ca946d33af6bc
        • Instruction Fuzzy Hash: 04217FB52007418FD320DF1AC980B97BBE8AF98744F04491EE585C3751DBBCE885CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #289.MFC42 ref: 00410460
        • GetDeviceCaps.GDI32 ref: 00410474
        • #5791.MFC42(?,00000000), ref: 00410497
        • RealizePalette.GDI32(00000026), ref: 004104A1
        • InvalidateRect.USER32(00000026,00000000,00000001), ref: 004104B5
        • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68), ref: 004104C7
        • #2379.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68,000000FF), ref: 004104E1
        • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68,000000FF), ref: 004104F4
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #613$#2379#289#5791CapsDeviceInvalidatePaletteRealizeRect
        • String ID:
        • API String ID: 3939794635-0
        • Opcode ID: 7ab01de24c88b5fa363f6aae7a3d7aa987943dcd37bca407fc59203c493bb70d
        • Instruction ID: 0183c5c9ed7ce5bb432c24f5bb3a1dd68d5fb1043291eca5a6f32ff08f01672b
        • Opcode Fuzzy Hash: 7ab01de24c88b5fa363f6aae7a3d7aa987943dcd37bca407fc59203c493bb70d
        • Instruction Fuzzy Hash: 5E11B476640B00ABC324DF18CC81BDA77E4BBC9B20F044A1DB5A6973C0CB789884C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 0040398A
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004039A0
        • #3092.MFC42(000003F2,?,004032A2,00000001), ref: 004039AD
        • #4123.MFC42(000003F2,?,004032A2,00000001), ref: 004039B4
        • #3092.MFC42(000003F2,?,004032A2,00000001), ref: 004039C8
        • #4123.MFC42(000003F2,?,004032A2,00000001), ref: 004039CF
        • #3092.MFC42(000003F2,00000000,000003F2,?,004032A2,00000001), ref: 004039E1
        • #2642.MFC42(000003F2,00000000,000003F2,?,004032A2,00000001), ref: 004039E8
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3092$#4123MessageSend$#2642
        • String ID:
        • API String ID: 229567068-0
        • Opcode ID: edf92cb9ceebc25127b3337cff1c8a359ac504b1dc8cd9a205ccb139dcb31b72
        • Instruction ID: 79b34d7e3dc7d3995b3af4a357ac584f2c9c4b55ecf779123128f5e6f0ef02d9
        • Opcode Fuzzy Hash: edf92cb9ceebc25127b3337cff1c8a359ac504b1dc8cd9a205ccb139dcb31b72
        • Instruction Fuzzy Hash: DBF0E771B8071266E925267A5D23FAF118DABC0B15F11042E7682AE2C2DDE8AE42425C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$#2379Child
        • String ID:
        • API String ID: 3424149459-0
        • Opcode ID: 840af436893326072ce61341cc861e574f81ef7736d2f28a011efe0a84b71970
        • Instruction ID: fbc0520036c2bcf1026c8875090776a95f58003a93c593743e252b8b9e280369
        • Opcode Fuzzy Hash: 840af436893326072ce61341cc861e574f81ef7736d2f28a011efe0a84b71970
        • Instruction Fuzzy Hash: ADF04976A007059BC620ABB29C88CAB77ADFFCC358314896EF14187741DB38EC018B68
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
        • String ID:
        • API String ID: 432566381-0
        • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
        • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
        • malloc.MSVCR100 ref: 10002350
        • memcpy.MSVCR100 ref: 10002397
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: mallocmemcpyvsprintf
        • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
        • API String ID: 4208594302-868042568
        • Opcode ID: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
        • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
        • Opcode Fuzzy Hash: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
        • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(1D7EE358,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 100079B6
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,1D7EE358,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,1D7EE358,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
        • String ID:
        • API String ID: 753523128-0
        • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
        • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsWindowVisible.USER32(?), ref: 0040E1EB
        • #6215.MFC42(00000000), ref: 0040E1FD
        • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040E239
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040E27C
        • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040E2D3
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040E316
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040E338
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: InvalidateRect$MessageSend$#6215VisibleWindow
        • String ID:
        • API String ID: 3841919118-0
        • Opcode ID: 4a9925f08118d706f0880069c3081569475e49809b9651a1575b90b7716ac44c
        • Instruction ID: 59f021c7d3af86106f2900abd0c2fe0c614b015f350e2d27743b6e444487772b
        • Opcode Fuzzy Hash: 4a9925f08118d706f0880069c3081569475e49809b9651a1575b90b7716ac44c
        • Instruction Fuzzy Hash: 2541A0713007059BD614EB26C881EEBB3E9FB84B14F004D1EF999972C1DB74F8458B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040C4F2
        • #2864.MFC42(00000000), ref: 0040C4F9
          • Part of subcall function 0040C320: #3797.MFC42 ref: 0040C329
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040C34C
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C361
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C378
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C38B
          • Part of subcall function 0040C320: #3293.MFC42(00000000,?,00000000), ref: 0040C3B4
          • Part of subcall function 0040C320: PtInRect.USER32(?,?,?), ref: 0040C3D6
          • Part of subcall function 0040C320: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040C3F6
        • #3286.MFC42(00000000,00000000), ref: 0040C52A
        • #3293.MFC42(00000000,?,00000002,00000000,00000000), ref: 0040C56E
        • #540.MFC42(00000000,00000000), ref: 0040C5B6
        • #800.MFC42 ref: 0040C607
        • #2379.MFC42 ref: 0040C60E
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3293$#2379#2864#3286#3797#540#800FocusRect
        • String ID:
        • API String ID: 3548020944-0
        • Opcode ID: bcf695ea92022afa35c10c3b8e07ac7148fbae847c5efa9a707f471edd676c13
        • Instruction ID: 3e7f0d53cfebf455c41612a786f2edeab7f45459e577ebac52da74e31deb55df
        • Opcode Fuzzy Hash: bcf695ea92022afa35c10c3b8e07ac7148fbae847c5efa9a707f471edd676c13
        • Instruction Fuzzy Hash: 9C4183752047419FD724DB25C891BAFB7E9AFC4714F004A2EF865A33C0DB79E805879A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
        • #3293.MFC42(00000000,?,00000000,75BF3EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
        • SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
        • GetClientRect.USER32(?,?), ref: 0040DAF3
        • SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
        • SendMessageA.USER32(?,00001014,?,00000000), ref: 0040DB3F
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3092#3293Client
        • String ID:
        • API String ID: 643703033-0
        • Opcode ID: 1fbe456a7ebcc3675d37b8969356843dd930d5e592d616b0a20be238f0d9d2eb
        • Instruction ID: 2aa8f9b520159156308723dea08d56de589cab47cf0e4b53f78a13a3a7b0ea4e
        • Opcode Fuzzy Hash: 1fbe456a7ebcc3675d37b8969356843dd930d5e592d616b0a20be238f0d9d2eb
        • Instruction Fuzzy Hash: E121C1762443046BD324EB65DC85FABB3E8FBC8714F14092EF645D72C0DAB9E8058B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1D7EE358,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(Al,1D7EE358,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
        • realloc.MSVCR100 ref: 1000ADA8
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
        • String ID: Al$Al
        • API String ID: 614970593-2419079684
        • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
        • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #567.MFC42(?,?,?,?,?,00415E52,000000FF), ref: 00405AD5
        • #540.MFC42(?,?,?,?,?,00415E52,000000FF), ref: 00405AE4
          • Part of subcall function 00407230: #567.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 0040724E
          • Part of subcall function 00407230: #540.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 00407262
          • Part of subcall function 00407230: #540.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 0040726F
          • Part of subcall function 00407D10: #567.MFC42(?,00405B06,?,?,?,?,?,00415E52,000000FF), ref: 00407D13
          • Part of subcall function 00407D10: GetSysColor.USER32 ref: 00407D27
          • Part of subcall function 00407900: #567.MFC42(?,?,00000000,004160A8,000000FF,00405B16,?,?,?,?,?,00415E52,000000FF), ref: 0040791D
          • Part of subcall function 00407900: #540.MFC42(?,?,00000000,004160A8,000000FF,00405B16,?,?,?,?,?,00415E52,000000FF), ref: 00407933
        • LoadBitmapA.USER32(00000000,00007FE2), ref: 00405B46
        • #858.MFC42(?,?,?,?,?,?,00415E52,000000FF), ref: 00405B56
        • GetSystemMetrics.USER32(00000015), ref: 00405B6F
        • GetSysColor.USER32 ref: 00405B98
        • #800.MFC42 ref: 00405BAC
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#567$Color$#800#858BitmapLoadMetricsSystem
        • String ID:
        • API String ID: 2827053716-0
        • Opcode ID: e632873103d7db792261b9a2dea7c4cbc1ff96e7dd7f587d25d1498ff64e1a6a
        • Instruction ID: b7467bd19d3816234bd1e1c5c60bc03514cd7712f8bdf4ada88f9bfce40f89ce
        • Opcode Fuzzy Hash: e632873103d7db792261b9a2dea7c4cbc1ff96e7dd7f587d25d1498ff64e1a6a
        • Instruction Fuzzy Hash: 03312A70508B818FD321DF29C48179AFFE4BB99714F104A1EE4DA43792C779A548CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CD7086A), ref: 1000DC8B
        • _beginthreadex.MSVCR100 ref: 1000DCAB
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • CloseHandle.KERNEL32(?), ref: 1000DCD4
        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseHandleObjectSingleWait$??2@CreateEvent_beginthreadex
        • String ID:
        • API String ID: 2512375702-0
        • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
        • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004024B0: #3092.MFC42(00000000), ref: 004024BD
          • Part of subcall function 00403A70: #324.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403A97
          • Part of subcall function 00403A70: #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AA9
          • Part of subcall function 00403A70: #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AC1
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AD9
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AEB
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AFD
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B14
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B20
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B34
        • #2514.MFC42 ref: 0040F306
        • #800.MFC42 ref: 0040F32F
        • #800.MFC42 ref: 0040F343
        • #800.MFC42 ref: 0040F357
        • #692.MFC42 ref: 0040F36B
        • #616.MFC42 ref: 0040F37C
        • #641.MFC42 ref: 0040F390
          • Part of subcall function 00402290: #3092.MFC42(00000000), ref: 004022A1
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #540#800#860$#3092#567$#2514#324#616#641#692
        • String ID:
        • API String ID: 3582498933-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2302.MFC42(?,000003F7,?), ref: 00403C23
        • #2302.MFC42(?,000003F1,?,?,000003F7,?), ref: 00403C35
        • #2370.MFC42(?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C47
        • #2370.MFC42(?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C59
        • #2362.MFC42(?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C6B
        • #2294.MFC42(?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?), ref: 00403C7B
        • #2370.MFC42(?,000003FE,?,?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?), ref: 00403C8D
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2370$#2302$#2294#2362
        • String ID:
        • API String ID: 465330616-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2B8
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2C5
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2D2
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2DF
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2EC
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2F9
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C308
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800
        • String ID:
        • API String ID: 1076129211-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3092.MFC42(00000000), ref: 004022A1
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 004022E9
        • #3996.MFC42(00000000,00000000,?,?,?,?,?,00000000), ref: 0040233B
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3092#3996MessageSend
        • String ID:
        • API String ID: 3103698401-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,?,?,?,1D7EE358,?,?,10010B78,000000FF), ref: 10004ECA
        • WSASetLastError.WS2_32(0000139F,?,?,?,?,1D7EE358,?,?,10010B78,000000FF), ref: 10004EE2
        • LeaveCriticalSection.KERNEL32(?), ref: 10004EEC
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
        • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
        • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
        • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
        • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
        • String ID:
        • API String ID: 672040072-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 0040761F
        • #3874.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 00407633
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 0040764F
        • #6199.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 004076A8
        • #6134.MFC42(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?,00416068), ref: 004076B6
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 004076C7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3874#535#540#6134#6199#800
        • String ID:
        • API String ID: 3385152813-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: _errno$recvselect
        • String ID:
        • API String ID: 4102763267-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040908C
        • #3286.MFC42(00000000,?,?,?,?,00409058), ref: 004090AC
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 004090C7
        • #3286.MFC42(00000000,?,?,?,?,00409058), ref: 004090EC
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 00409107
        • #825.MFC42(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 0040910D
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3286#6007$#825MessageSend
        • String ID:
        • API String ID: 1838521641-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401B8D
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401B9C
        • #3286.MFC42(?), ref: 00401BAA
        • SendMessageA.USER32(?,00001008,?,00000000), ref: 00401BE1
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401BF2
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401C0C
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3286
        • String ID:
        • API String ID: 323715935-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3286.MFC42(?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FEF7
        • GetParent.USER32(?), ref: 0040FF0C
        • #2864.MFC42(00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF13
        • #3301.MFC42(?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF51
        • #858.MFC42(00000000,?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF63
        • #800.MFC42(00000000,?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF74
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864#3286#3301#800#858Parent
        • String ID:
        • API String ID: 3939703191-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Menu$Item$#2546#2863#291Count
        • String ID:
        • API String ID: 667342809-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
        • _CxxThrowException.MSVCR100 ref: 10009153
        Strings
        • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??0exception@std@@ExceptionThrow
        • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
        • API String ID: 2684170311-3812731148
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00407336
        • GetCursorPos.USER32(?), ref: 00407356
        • ScreenToClient.USER32(?,?), ref: 00407365
        • PostMessageA.USER32(?,00000201,00000000,?), ref: 00407395
        • PostMessageA.USER32(?,00000202,00000000,?), ref: 004073BB
        • SendMessageA.USER32(?,00000445,00000000,00010001), ref: 004073CE
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$Post$#2379ClientCursorScreenSend
        • String ID:
        • API String ID: 3824870609-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
        • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
        • HeapFree.KERNEL32(00000000), ref: 100062B5
        • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
        • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
        • HeapFree.KERNEL32(00000000), ref: 100062DB
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: FreeHeap$Process$LibraryVirtual
        • String ID:
        • API String ID: 3521805120-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004761
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000476C
        • Sleep.KERNEL32(00000258), ref: 10004779
        • CloseHandle.KERNEL32(?), ref: 10004794
        • CloseHandle.KERNEL32(?), ref: 1000479D
        • Sleep.KERNEL32(0000012C), ref: 100047AE
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
        • String ID:
        • API String ID: 1019945655-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BAB
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BBB
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BCB
        • #692.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BDB
        • #616.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BE8
        • #641.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BF7
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #800$#616#641#692
        • String ID:
        • API String ID: 3167959800-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
        • Sleep.KERNEL32(00000258), ref: 1000334E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
        • Sleep.KERNEL32(0000012C), ref: 1000337B
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
        • String ID:
        • API String ID: 3137405945-0
        • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
        • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864#4694#5981#6215FocusVisibleWindow
        • String ID:
        • API String ID: 3178167619-0
        • Opcode ID: 1a6d733d580420b8a493887451b54a175d233f36bab4e684bda8ea655461db2c
        • Instruction ID: a165d9457935810366ad9cd4294938b376cde8f67e12bb8decddcdf3cf695dd6
        • Opcode Fuzzy Hash: 1a6d733d580420b8a493887451b54a175d233f36bab4e684bda8ea655461db2c
        • Instruction Fuzzy Hash: DAF012717046119BC624EB64C855FEF73A89FC4704F04891EB499D7294CEB8DC81C799
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864#4694#5981#6215FocusVisibleWindow
        • String ID:
        • API String ID: 3178167619-0
        • Opcode ID: 92b48fefc58e9c40364ca485f9614c86d8d99a2b07c795cb04c5e147ad0dbb44
        • Instruction ID: 476fabeabf8f2b54f81c640421d316b047c8eab4f50d63546c2fdb15e6869d7a
        • Opcode Fuzzy Hash: 92b48fefc58e9c40364ca485f9614c86d8d99a2b07c795cb04c5e147ad0dbb44
        • Instruction Fuzzy Hash: EAF082317446009BC624EB64D854FEFB3A89BC4700F00881EB455D3284CE78DD818BA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: free
        • String ID:
        • API String ID: 1294909896-0
        • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
        • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,1D7EE358,?,00000000,?,10008EF2), ref: 1000C89C
        • memmove.MSVCR100 ref: 1000C8F5
        • memmove.MSVCR100 ref: 1000C91C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
        • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00413BB3
        • #2818.MFC42(?,%d - %d,00000000,00000014), ref: 00413BE6
          • Part of subcall function 00401600: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401625
          • Part of subcall function 00401600: GlobalAlloc.KERNEL32(00000000,?), ref: 00401688
        • #800.MFC42 ref: 00413C0A
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocGlobal$#2818#540#800
        • String ID: %d - %d$gfff
        • API String ID: 482294231-2577607064
        • Opcode ID: 20ea6ac1d60ef7a66e114571f87e51866ee7331161c6a18d9328350813a4a48b
        • Instruction ID: 5226f1e5e8bee4439d80068d591ea63fd061d9bad1b2a21548c4d949dd13a3c0
        • Opcode Fuzzy Hash: 20ea6ac1d60ef7a66e114571f87e51866ee7331161c6a18d9328350813a4a48b
        • Instruction Fuzzy Hash: 0C21D4726047159BC214EF1AC941B9BB7E9EBC5B54F004A2EF455AB3C1C738AD08CBE5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00414B63
        • #2818.MFC42(?,%d - %d,00000000,00000014), ref: 00414B96
          • Part of subcall function 00401600: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401625
          • Part of subcall function 00401600: GlobalAlloc.KERNEL32(00000000,?), ref: 00401688
        • #800.MFC42 ref: 00414BBA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocGlobal$#2818#540#800
        • String ID: %d - %d$gfff
        • API String ID: 482294231-2577607064
        • Opcode ID: 0bfc905499401adc89ae3956bdaaf5c2165c80bbec4f7dee4c941c1dad39cd3d
        • Instruction ID: 1e69ee15709ad73da1000297df25589689e4e38413c96dd625521d7fb5ec6a7d
        • Opcode Fuzzy Hash: 0bfc905499401adc89ae3956bdaaf5c2165c80bbec4f7dee4c941c1dad39cd3d
        • Instruction Fuzzy Hash: C22107316043119BC210EF1AC841F9BB7E9EBC5B54F004A2EF4559B3C1C738AD05CBA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position$string too long
        • API String ID: 4248180022-4289949731
        • Opcode ID: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction ID: 02f1bde33a7f6a4f0b7ca151306c8b86bee2ec7feaee009fa3221f14d761e210
        • Opcode Fuzzy Hash: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction Fuzzy Hash: 1A114C75300A059FEB08EF68EC84A6D77A5FB4429AB11052AFA06CB245D771E990CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
        • String ID:
        • API String ID: 2760534091-0
        • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
        • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,1D7EE358,?,1D7EE358,10008EF2), ref: 1000A71D
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,1D7EE358,?,1D7EE358,10008EF2), ref: 1000A740
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,1D7EE358), ref: 1000A76E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction ID: 0fa7d05f19d1acb58b9383a605f7864dac9a50907dca70db0252d2cb3e85a45c
        • Opcode Fuzzy Hash: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction Fuzzy Hash: 61514FB5A01259AFEB00DFA8C984B9EBBF5FF49750F108119E805E7345DB70AE41CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1D7EE358,?,1D7EE358,?), ref: 1000CC39
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,1D7EE358,?,1D7EE358,?), ref: 1000CC5C
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,10010E09,000000FF,?,1000CA00,?,?,1D7EE358), ref: 1000CC8A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCCF
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCDC
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction ID: c131282bc4579c986c972f2adb03389835f40558fee83756ef3b82deba687527
        • Opcode Fuzzy Hash: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction Fuzzy Hash: 88512CB5A01259EFEB04DFA8C994B9EBBF5FF48740F108169E805E7345DB70AA01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,1D7EE358,00000000,?,00000000,00000000), ref: 1000D6E8
        • _CxxThrowException.MSVCR100 ref: 1000D6FE
          • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
          • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
          • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
        • memcpy.MSVCR100 ref: 1000D740
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
        • String ID:
        • API String ID: 1366379292-0
        • Opcode ID: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction ID: 6dedfff981291254d8f0f0f89a0f1b07b51f4c0be1b682e6e92bcdd5696b02d0
        • Opcode Fuzzy Hash: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction Fuzzy Hash: AB41BA75D04605AFDB04EF68C98069DB7F4FB042A0F50422AF91A97784E731E950CBB1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #5290.MFC42(?,?,?,?,?,?,00416148,000000FF), ref: 00407F11
        • #6199.MFC42(?,?,00000028,?,?,?,?,?,00416148,000000FF), ref: 00407FAD
        • #800.MFC42(?,00000028,?,?,?,?,?,00416148,000000FF), ref: 00407FBE
        • TranslateMessage.USER32(?), ref: 00407FC4
        • DispatchMessageA.USER32(?), ref: 00407FCB
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$#5290#6199#800DispatchTranslate
        • String ID:
        • API String ID: 1943485823-0
        • Opcode ID: 05e0815e02c6fa808f3a4c7dbf3ddfa7a026ce2e74280052185fdb4f6346410f
        • Instruction ID: 6a571f489149fda51eea508508925741afe715624570bcc1b6af6054ddd1943a
        • Opcode Fuzzy Hash: 05e0815e02c6fa808f3a4c7dbf3ddfa7a026ce2e74280052185fdb4f6346410f
        • Instruction Fuzzy Hash: 5F312871A0C2469BC7109F29C880BA7B796EB95314F14493FF895973C2C73DF886C66A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,1D7EE358,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?,?,10006CA5), ref: 1000C420
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1D7EE358,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?), ref: 1000C403
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C435
        • realloc.MSVCR100 ref: 1000C463
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000C472
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: D@std@@Incref@facet@locale@std@@Lockit@std@@$??0_??0bad_cast@std@@??1_??2@?tolower@?$ctype@Bid@locale@std@@Decref@facet@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV123@V42@@Vfacet@locale@2@Xmem@tr1@std@@reallocstd::locale::facet::_
        • String ID:
        • API String ID: 1657136341-0
        • Opcode ID: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction ID: 4099fa0d0876d1a195df608e329946193385f4c805ecebf18ba5ac7bf75522a8
        • Opcode Fuzzy Hash: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction Fuzzy Hash: F8315975600705EFE710CF59C890A6ABBF5FF88390F15856DE89A8B751D730E940CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401879
        • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401888
        • #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018A2
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018BD
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401904
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007
        • String ID:
        • API String ID: 1326147382-0
        • Opcode ID: dc95b10d1ac03377133bc2ce0e0892bfd5b6912d6855aaca4ddd31314cbc86ce
        • Instruction ID: 7ae6f541f274ed11fbd8ec8d923d13e680e71004543c061673d8933437f44df9
        • Opcode Fuzzy Hash: dc95b10d1ac03377133bc2ce0e0892bfd5b6912d6855aaca4ddd31314cbc86ce
        • Instruction Fuzzy Hash: 8B2151727803117BE7349B59CC82F56B3A5AB48B10F25822ABB15BF3D1C6B4FC418798
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??2@lstrlenmemset
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 3680187532-3074452007
        • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
        • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 10002C1F
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10002C35
        • TranslateMessage.USER32(?), ref: 10002C44
        • DispatchMessageA.USER32(?), ref: 10002C4A
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002C58
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
        • String ID:
        • API String ID: 2015114452-0
        • Opcode ID: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction ID: b75dc0117a11b7c765e1435c40dcdf28a4bdf489932a1a838a762226f6e0879c
        • Opcode Fuzzy Hash: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction Fuzzy Hash: 4901A971A40319B6F614D7948C82FAF736CEB05B90F104511FF00EB0D5D6B4E95187B4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
        • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #535.MFC42(00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406C8A
        • #6199.MFC42(?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18), ref: 00406CA6
        • #6199.MFC42(?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18), ref: 00406CB8
        • InvalidateRect.USER32(?,00000000,00000001,?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000), ref: 00406CC8
        • #800.MFC42(?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406CDA
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6199$#535#800InvalidateRect
        • String ID:
        • API String ID: 2250096790-0
        • Opcode ID: 994dc0d4cc4bd0b19c3c6b4cbe4779dd6afa050d2a97fbe218f1acda589aae25
        • Instruction ID: 634250f3fa831751ff8778ded4b0b42ae85be5000a0f035ce208fae3f5b733f6
        • Opcode Fuzzy Hash: 994dc0d4cc4bd0b19c3c6b4cbe4779dd6afa050d2a97fbe218f1acda589aae25
        • Instruction Fuzzy Hash: DF114F71208B42DFD724DF25D990F96B3A4EF94714F108A1EB4AB576D0D738A805CB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2379#3803#5981MessageSendWindow
        • String ID:
        • API String ID: 41091615-0
        • Opcode ID: 938f2d6d2c0716070b5f71880c4c4e4aeec20a5d7170676f6fe514862b934ac9
        • Instruction ID: a6108a55450b9066e21ea29c1c483718d018f334913f6b668857db5c292835b3
        • Opcode Fuzzy Hash: 938f2d6d2c0716070b5f71880c4c4e4aeec20a5d7170676f6fe514862b934ac9
        • Instruction Fuzzy Hash: 3AF08C70700A119BD324AB25DC55BAB73A4AB98700B04482EF242D76C0DA39F9018BA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetParent.USER32(?), ref: 0040BEF8
        • #2864.MFC42(00000000,?,0040AAEE,00419F3C), ref: 0040BEFB
        • GetParent.USER32(?), ref: 0040BF0E
        • #2864.MFC42(00000000,?,0040AAEE,00419F3C), ref: 0040BF11
        • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040BF38
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2864Parent$MessageSend
        • String ID:
        • API String ID: 3017527651-0
        • Opcode ID: 0fdc16f344fadf310b5b6b687a2be164fb696145ef7ab9344efbd5f7234ca403
        • Instruction ID: 3d3369169c08cd497077d90b78f729ea48d5ca8660a689fd42c6875071eb4ba2
        • Opcode Fuzzy Hash: 0fdc16f344fadf310b5b6b687a2be164fb696145ef7ab9344efbd5f7234ca403
        • Instruction Fuzzy Hash: 74F062763006009BD6249775DC54EEBB3A9EFC8311B05892EF55597280CA74E8018B68
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
        • CancelIo.KERNEL32(?), ref: 10002E26
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
        • closesocket.WS2_32(?), ref: 10002E39
        • SetEvent.KERNEL32(00000001), ref: 10002E43
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: 709f11b2dc8ccf699aafbe62f7b0534b760bdc3690ddac9162a5b626801ec8b5
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: CBF03CB5100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9697690C6B4F914CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004147F0: #324.MFC42(00000082,?,?,?,?,?,?,?,00416F94,000000FF,00414516,00000000), ref: 0041481A
          • Part of subcall function 004147F0: #384.MFC42(00000082,?), ref: 0041482C
          • Part of subcall function 004147F0: #384.MFC42(00000082,?), ref: 0041483B
          • Part of subcall function 004147F0: #2097.MFC42(00000086,00000010,00000000,00FF00FF,00000082), ref: 00414878
          • Part of subcall function 004147F0: #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041488D
          • Part of subcall function 004147F0: #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041489D
        • #2514.MFC42 ref: 00414525
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42 ref: 0041455A
        • #686.MFC42 ref: 00414573
        • #686.MFC42 ref: 00414584
        • #641.MFC42 ref: 00414598
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#686$#2097#384$#2243#2514#324#641#800
        • String ID:
        • API String ID: 1563738909-0
        • Opcode ID: a14005c149493bd293a14327aa68ab3f85631f3761d1a8af641123a6442d78e0
        • Instruction ID: 328fc28a92ca30d3b295b4c104a2372331d45d5faf40ecf3b55bfc36585a0dff
        • Opcode Fuzzy Hash: a14005c149493bd293a14327aa68ab3f85631f3761d1a8af641123a6442d78e0
        • Instruction Fuzzy Hash: 6E110574048B80DAD325EF61C589BDEBBE0BB95B14F404B1EA5A9123E1DB785888CB17
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3797.MFC42(?,00409A2B), ref: 0040C7F3
        • GetDlgItem.USER32(?,00000000), ref: 0040C806
        • #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
        • #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
        • #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3797#4284#6215#6242Item
        • String ID:
        • API String ID: 163676089-0
        • Opcode ID: 2c3bfdd1120c5fbe994a1f395f816aa30408533a2e0fe5cee5fb19924655f403
        • Instruction ID: 2408ea8cddacdb7618da9cfe026111adc03aa04f45775504e8b2c428eec548e0
        • Opcode Fuzzy Hash: 2c3bfdd1120c5fbe994a1f395f816aa30408533a2e0fe5cee5fb19924655f403
        • Instruction Fuzzy Hash: 55F0E532740A11E3D620A7249C12FFF7359ABC4705F04452EF2129B1C0CEB8A8C2879C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,?,1000DE2D,?), ref: 10006383
        • memmove.MSVCR100 ref: 100063AF
        • ??3@YAXPAX@Z.MSVCR100 ref: 100063C7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@memmove
        • String ID: vector<T> too long
        • API String ID: 1993728168-3788999226
        • Opcode ID: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction ID: 666fb908681a4cb4fcb84fde5cab495aadc7bf52184e8f2216cd687e136a9d11
        • Opcode Fuzzy Hash: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction Fuzzy Hash: 2401D4B16002059FE718CF68CCD982AB7E9EB18240724462DE847C3344E730F950CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: memcpy
        • String ID:
        • API String ID: 3510742995-0
        • Opcode ID: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction ID: 61b773e0558493be9a29dabd4f951307aa74c3da6f26a6b18387d70fbbbfb126
        • Opcode Fuzzy Hash: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction Fuzzy Hash: E2613B75A01606EFEB48CF69C580AD9B7E5FF48390F50866EE85AC7744EB70E944CB80
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,1D7EE358,00000000,00000000,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
        • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A40D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A457
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A4A7
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A4EE
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,1D7EE358,00000000,00000000,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction ID: 064e6777206eaa59b6d0f19c807af86857d994d2322ab606cc61307b9a3a3038
        • Opcode Fuzzy Hash: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction Fuzzy Hash: CC616274E002899FEF04DFA8C8947DDBBB1FF4A394F108269E815AB345D770A985CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ObjectSelect$#2864Parent
        • String ID:
        • API String ID: 1399990326-0
        • Opcode ID: c8689ef5a7c8cac20365f2425885433abe2a44d1108151bc809041562ab1a363
        • Instruction ID: 15f46b8a9ea0470eb7eb0db59e30638534b6459c629e3472e09141482f2f0991
        • Opcode Fuzzy Hash: c8689ef5a7c8cac20365f2425885433abe2a44d1108151bc809041562ab1a363
        • Instruction Fuzzy Hash: 152183323001009BCB54DF59C888AEBB3A9FF88711B15446AF985AB391C738EC12CBD9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalFree.KERNEL32(?), ref: 004017A4
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004017BF
        • GlobalAlloc.KERNEL32(00000040), ref: 004017D9
        • #3286.MFC42(00000000), ref: 004017FD
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Global$#3286AllocFreeMessageSend
        • String ID:
        • API String ID: 2333393167-0
        • Opcode ID: af3ac01dd7baa738893183f4f313676d738051f89685205a3e1073b3764f02bb
        • Instruction ID: 07af90eeff1af71cd945f9cffb9a0e06284ec2ecc1341b1c46cfef73ac42a9d5
        • Opcode Fuzzy Hash: af3ac01dd7baa738893183f4f313676d738051f89685205a3e1073b3764f02bb
        • Instruction Fuzzy Hash: AB2171722007059FC320EF99D8C4D6BB7E9EB48701B04493EF146D7660DB34A944CBA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1D7EE358,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7BA
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(0000005E,1D7EE358,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7D5
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C80F
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,?,1000BED7,?,10012890,00000000,0000005E,?,?,?), ref: 1000C82A
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 2639648381-0
        • Opcode ID: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction ID: 0dae501bc556696bb7c4d7e10b9c2053542ed37b5a19796234fa89d0372f365e
        • Opcode Fuzzy Hash: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction Fuzzy Hash: 773141B560160AAFEB04DF64C894B6EB7B5FF49750F00C25DE92997394DB34E900CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 100011E9
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
        • memcpy.MSVCR100 ref: 10001243
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001256
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
        • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DBB6
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DBDB
        • #3293.MFC42(?,?,00000000,?,00000000,?), ref: 0040DBFA
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DC22
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3092#3293
        • String ID:
        • API String ID: 321520759-0
        • Opcode ID: 5e3df3e569e7818bdded95cbe6a4456cad5093cfb314d850570bc8d8328560f4
        • Instruction ID: d12d205e120f1eb49d295b4a066c6ccf0350d75b0211d872283c61e1aabd6704
        • Opcode Fuzzy Hash: 5e3df3e569e7818bdded95cbe6a4456cad5093cfb314d850570bc8d8328560f4
        • Instruction Fuzzy Hash: D62138B1608301ABD314DF59C881E2BF7E5FBC8758F148A2EF588A7381D674E8458B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 100043EC
          • Part of subcall function 100012C0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 100012EB
          • Part of subcall function 10001280: memcpy.MSVCR100 ref: 100012A1
          • Part of subcall function 100041E0: EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CD7017C,10004C5B,?), ref: 100041E8
          • Part of subcall function 100041E0: LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
          • Part of subcall function 10004A70: HeapFree.KERNEL32(?,00000000,?,00000000,10004C5B,?,100042C8,10004C5B,00000000,?,6CD7017C,10004C5B,?), ref: 10004A97
        • SetLastError.KERNEL32(00000000,?), ref: 100043D7
        • SetLastError.KERNEL32(00000057), ref: 10004401
        • WSAGetLastError.WS2_32(?), ref: 10004410
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeavememcpy
        • String ID:
        • API String ID: 993608311-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: c83054a75a0c69128b26031afe2b7a8ad0b6ec7a765fcb7c10a623894899581c
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: 44110676A0512C9BEB00DF69E8846DEB7E8EF882B2B4141B6FC0CD3205DB31DD1186D4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32 ref: 004100E6
        • #6907.MFC42(00000000,?,?,00000000), ref: 004100FF
        • SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 00410113
        • #6907.MFC42(?,?,?,00419F40,?,?), ref: 00410138
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6907MessageSend
        • String ID:
        • API String ID: 3495772279-0
        • Opcode ID: c54e1559d51c5afb4d34dc881bde1bd484b537c2762c494e4e17d70a71b287c5
        • Instruction ID: f9bcfbdfb13ecff40a37b224b4e33d159a941da1e2cde92e1080825855db3606
        • Opcode Fuzzy Hash: c54e1559d51c5afb4d34dc881bde1bd484b537c2762c494e4e17d70a71b287c5
        • Instruction Fuzzy Hash: 55119D713052026BD214EA19DC80DABB3E9FFC8364F444A1EF95897390DB79EC818BA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 1000112F
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
        • memcpy.MSVCR100 ref: 1000117C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
        • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32 ref: 00410046
        • #6907.MFC42(00000000,?,000000FF,00000000), ref: 00410059
        • SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 0041006D
        • #6907.MFC42(?,?,000000FF,00419F40,?,?), ref: 0041008D
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #6907MessageSend
        • String ID:
        • API String ID: 3495772279-0
        • Opcode ID: 510b392a0d6332e4f4873f4fdbb564b9774c95447bacfd4461a23000c3d3785d
        • Instruction ID: dc864a712261c93fcf170dca1640330c129863e3eb2bd9dfee2ad648ad627b97
        • Opcode Fuzzy Hash: 510b392a0d6332e4f4873f4fdbb564b9774c95447bacfd4461a23000c3d3785d
        • Instruction Fuzzy Hash: E711C6313043126BD214E619DC40EABB7D8EBC8374F04471EF968933D1DA79EC8587A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
        • #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007
        • String ID:
        • API String ID: 1326147382-0
        • Opcode ID: 15fb5e9df04955d8139b4d5beaebcd6daf4fa60375773543a8c95e47007ee4db
        • Instruction ID: 65168cfb12a8fd8d3a401fb41d0b69fa2b6fab217c9cfb2bdefbdd0278d03a9a
        • Opcode Fuzzy Hash: 15fb5e9df04955d8139b4d5beaebcd6daf4fa60375773543a8c95e47007ee4db
        • Instruction Fuzzy Hash: BD112E75344205BBE324CE44CC82F56B365AB85B14F204619B6256F2C1C6B1F842CBA8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAEventSelect.WS2_32(10003ABB,00000001,00000023), ref: 10003C02
        • WSAGetLastError.WS2_32 ref: 10003C0D
        • send.WS2_32(00000001,00000000,00000000,00000000), ref: 10003C58
        • WSAGetLastError.WS2_32 ref: 10003C63
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ErrorLast$EventSelectsend
        • String ID:
        • API String ID: 259408233-0
        • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction ID: 1e34e906bf1f561d7e2ad43756d4eb31c95bef378edec9e2eb53c750d2609e08
        • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction Fuzzy Hash: E7113AB6600B509BE320CB79D8C8A47B7E9FB88750F018A2DF9A6C3695D735E9008B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,1D7EE358,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,1D7EE358,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
        • String ID:
        • API String ID: 3901553425-0
        • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
        • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4171.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 004092EB
        • #6311.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040931A
        • atoi.MSVCRT ref: 00409324
        • atoi.MSVCRT ref: 00409347
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: atoi$#4171#6311
        • String ID:
        • API String ID: 2874515399-0
        • Opcode ID: 5634b64e660e85bf2a08f1bc62431a10aa0e11623e8f56c37f5376e058f5a749
        • Instruction ID: 4e538b6d0d54c3787feeade5485a61fd55d35725d4af0d967ff2f29effe0b47f
        • Opcode Fuzzy Hash: 5634b64e660e85bf2a08f1bc62431a10aa0e11623e8f56c37f5376e058f5a749
        • Instruction Fuzzy Hash: C211A1353082959FC700CF5EA844BABBB96AFC9310F04897EE89D87342C7349855CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalAlloc.KERNEL32(00000040,00000088,?,-00000001,00412DFE,0041E5D4,000000FD,?,?,?,75C63E40), ref: 00412E72
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00412E8C
        • #823.MFC42(00000088,?,?,?,75C63E40), ref: 00412E9A
        • lstrcpyA.KERNEL32(00000008,?,75C63E40), ref: 00412EB6
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocGlobal$#823lstrcpy
        • String ID:
        • API String ID: 3586439457-0
        • Opcode ID: 7e7d2c31a4620e83ed626e225e7b40ae6f9b9f5d1d17a34bd376cbd7f63539d8
        • Instruction ID: b7b0b0cc079fc0364bf160c095c07b476642a0dc7e24dd59a4a16415926b77af
        • Opcode Fuzzy Hash: 7e7d2c31a4620e83ed626e225e7b40ae6f9b9f5d1d17a34bd376cbd7f63539d8
        • Instruction Fuzzy Hash: AB019EB43007409FE354CF29C845B6BB7E4FB98304B00882EF68AC3340EBB4E8558B54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CD7017C,10004C5B,?), ref: 100041E8
        • LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
        • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
        • SetEvent.KERNEL32(207E8915), ref: 10004272
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
        • InterlockedIncrement.KERNEL32(?), ref: 100049A4
        • InterlockedIncrement.KERNEL32(?), ref: 100049B1
        • timeGetTime.WINMM(?,00000001,?,10003C4F,?,?,00000001), ref: 100049C8
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: IncrementInterlockedTimetime
        • String ID:
        • API String ID: 159728177-0
        • Opcode ID: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
        • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
        • Opcode Fuzzy Hash: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
        • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #470#755ClientRectVisibleWindow
        • String ID:
        • API String ID: 2977826925-0
        • Opcode ID: b1f4e1f25df3d37329986854d6e9019275d49ad15842e48ddad6b849f05959d2
        • Instruction ID: 1519f1119bf27b188b0bf3c5c4b8e9847cb309b54cc179c3bcb244cfd42cd380
        • Opcode Fuzzy Hash: b1f4e1f25df3d37329986854d6e9019275d49ad15842e48ddad6b849f05959d2
        • Instruction Fuzzy Hash: 2B014071204B419BD724DF24C941BEB77E8FB84711F100A2EA4A6932D0DB38E945CF96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • free.MSVCR100(?), ref: 100036DC
        • malloc.MSVCR100 ref: 10003718
        • memset.MSVCR100 ref: 10003727
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CreateTimerWaitablefreemallocmemset
        • String ID:
        • API String ID: 3069344516-0
        • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
        • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004024B0: #3092.MFC42(00000000), ref: 004024BD
          • Part of subcall function 00402DB0: #324.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DD5
          • Part of subcall function 00402DB0: #567.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DE7
          • Part of subcall function 00402DB0: #567.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DFF
        • #2514.MFC42 ref: 0040F202
        • #692.MFC42 ref: 0040F22B
        • #692.MFC42 ref: 0040F23C
        • #641.MFC42 ref: 0040F250
          • Part of subcall function 00402290: #3092.MFC42(00000000), ref: 004022A1
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #3092#567#692$#2514#324#641
        • String ID:
        • API String ID: 2457609574-0
        • Opcode ID: 8b0c1a5412d35a957c39f2de7a90c47505531eabfef723a9fa47a9d341331637
        • Instruction ID: 5a0283a537d62c20cf679f0c3ddb2408d2df397c9c6cda289bb286ce79eee15f
        • Opcode Fuzzy Hash: 8b0c1a5412d35a957c39f2de7a90c47505531eabfef723a9fa47a9d341331637
        • Instruction Fuzzy Hash: D911A1304447529BC334EB10C455BFAB7D4BF80714F000A3EA0AA53AC2DB7C5445C78A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136A0
        • #686.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136B6
        • #686.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136C6
        • #784.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136D5
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#686$#784#800
        • String ID:
        • API String ID: 3026072876-0
        • Opcode ID: 675f26117ef954a6f93b9afec8f3ef7c8d9fa306aa560c4b23f36852fbedbdad
        • Instruction ID: cc95cc9ff5ba107c2d71315eb9d2b6da0866002cb2946d0adfe30b866be698f6
        • Opcode Fuzzy Hash: 675f26117ef954a6f93b9afec8f3ef7c8d9fa306aa560c4b23f36852fbedbdad
        • Instruction Fuzzy Hash: EE015E70108B82DEC314DF29C4417CAFBE4BFA4724F54491FE4A543392DBB85188CBA6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
        • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
        • free.MSVCR100(?), ref: 1000EEB5
        • HeapDestroy.KERNEL32(?), ref: 1000EEE3
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Heap$Destroyfree$CreateFree
        • String ID:
        • API String ID: 3907340440-0
        • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
        • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414604
        • #686.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414617
        • #686.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414624
        • #641.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414633
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#686$#641#800
        • String ID:
        • API String ID: 2903208339-0
        • Opcode ID: 1b792ba0bbb305c2dc51db22c123b59f0714f5ea113a5899614e18a9afdbc8da
        • Instruction ID: 8f4089895f77b8abc982e886fc642f3fbc7342fd6abf2a13a125c5b034eb10d7
        • Opcode Fuzzy Hash: 1b792ba0bbb305c2dc51db22c123b59f0714f5ea113a5899614e18a9afdbc8da
        • Instruction Fuzzy Hash: 4801B170004B82DFC311DF19C44138ABFE4AFA0720F500A0EE491437A2CBB89188CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
        • _beginthreadex.MSVCR100 ref: 1000F46F
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
        • CloseHandle.KERNEL32(?), ref: 1000F48A
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
        • String ID:
        • API String ID: 92035984-0
        • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
        • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414
        • String ID:
        • API String ID: 3739888808-0
        • Opcode ID: b43ad747ddb974d1523d16e339f9a3478cdd00430e4c233c5f89384e193527c7
        • Instruction ID: 93b45de41bcc5ba9fdbd138b294598631825f68be7c5dcfd1f45a7b6625ac36f
        • Opcode Fuzzy Hash: b43ad747ddb974d1523d16e339f9a3478cdd00430e4c233c5f89384e193527c7
        • Instruction Fuzzy Hash: C4F05E34701702E7DB39FB268590BFB73A86F01704748C41F996AC6351DB2AE882C6A8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2379#2864#5981Parent
        • String ID:
        • API String ID: 1933159328-0
        • Opcode ID: d30cba25ed0dab19cb902c3ba0322cde77d5064d46c98209e01d518f1e872683
        • Instruction ID: fcaf373daaa2658889019310cbe4dff29400d948bb2b958b6c98e6fd2191a6cc
        • Opcode Fuzzy Hash: d30cba25ed0dab19cb902c3ba0322cde77d5064d46c98209e01d518f1e872683
        • Instruction Fuzzy Hash: 7ED0127690410097C614ABA58448DEE3755FB94308B54495FF454DA152CB7ED881CA1E
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2379#2864#5981Parent
        • String ID:
        • API String ID: 1933159328-0
        • Opcode ID: d7e734f5d25ea9c1470851c901eea40d5330e1e85b6d7369b3846af47297b0cb
        • Instruction ID: c0d70dc072b2510f590ba786235cd8a71ecdbcf86b2f1744455a9fd37a4cb7d7
        • Opcode Fuzzy Hash: d7e734f5d25ea9c1470851c901eea40d5330e1e85b6d7369b3846af47297b0cb
        • Instruction Fuzzy Hash: 2ED0C7B6900604DBCA00BBB194099DE7795BBD4309F50C4AEF4595B142CB7E8452CF19
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Cursor$#1168#2379Load
        • String ID:
        • API String ID: 1099151914-0
        • Opcode ID: abeb859472e598c54423de924772c2d2d2ed392454b94daad15af5100491cf39
        • Instruction ID: 7644bc87213bd79a3cd947c37665fd61c37f95182656d3fb1eceac38ebd14046
        • Opcode Fuzzy Hash: abeb859472e598c54423de924772c2d2d2ed392454b94daad15af5100491cf39
        • Instruction Fuzzy Hash: 6AD0C93DA483409AE6016BB16C09FDE3714BBA170AF2480AEB559592C2C96A4052C939
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2379#2864#5981Focus
        • String ID:
        • API String ID: 3515412747-0
        • Opcode ID: a0b1e324b5e0ff02e583b99e54f571aa0f616b567de08cc82e74d559d0c82ca0
        • Instruction ID: e32edee88dd4a72563682126d0a75ab8824ba07c28201cf303c44bf40dea7885
        • Opcode Fuzzy Hash: a0b1e324b5e0ff02e583b99e54f571aa0f616b567de08cc82e74d559d0c82ca0
        • Instruction Fuzzy Hash: 41C08C37A01830CB896533B12C258EE12088BC9B0830588AFF40587289CEBC8CC24ADE
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
        • memcpy.MSVCR100 ref: 1000D514
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: string too long
        • API String ID: 4248180022-2556327735
        • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
        • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
        • memcpy.MSVCR100 ref: 1000D8B2
          • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
          • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
          • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
        • String ID: string too long
        • API String ID: 433638341-2556327735
        • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
        • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,1D7EE358,15555555,?,?,?,00000000), ref: 10008C1D
        • ??3@YAXPAX@Z.MSVCR100 ref: 10008C78
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2313657577-3788999226
        • Opcode ID: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction ID: fb7adf7a1d09ac6a26db31f93637622f031e953306e888bd675b0b75f72f74ca
        • Opcode Fuzzy Hash: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction Fuzzy Hash: A4218EB6A00606AFD704DF5CC980E9AB7F4FB88350F518629E9159B384DB30AA14CBD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??3@YAXPAX@Z.MSVCR100 ref: 100087D0
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1D7EE358,?,1D7EE358,00000000,00000000,1D7EE358,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000), ref: 10008789
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??1_??3@Bid@locale@std@@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@V123@
        • String ID: Al
        • API String ID: 503125221-1778873614
        • Opcode ID: 34c07ca1a28c0cac1c46c8f91c418a1a1773f2b163a92778d455ce860451933d
        • Instruction ID: 8261ea698c8fb13e889d9ef692a79a4fd60761dcbb62728df732063f94073a9f
        • Opcode Fuzzy Hash: 34c07ca1a28c0cac1c46c8f91c418a1a1773f2b163a92778d455ce860451933d
        • Instruction Fuzzy Hash: FB21A775A041599FEB04DF68CC51BAEBBB4FF05750F108529E95697784D730EA00CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
          • Part of subcall function 1000D7C0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1000D897,00000000,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D7CA
        • memcpy.MSVCR100 ref: 1000D433
        Strings
        • invalid string position, xrefs: 1000D3D2
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position
        • API String ID: 4248180022-1799206989
        • Opcode ID: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction ID: 52917fc2c828b592c0c48c691309feb71193cfbfd6d654fc01bcf82dc82b710e
        • Opcode Fuzzy Hash: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction Fuzzy Hash: B311CE363002119BE714EE6CE8C0AADB7A6FB942A0B54022FF545CB645D771F994C7F1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,1D7EE358), ref: 1000D2C8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xlength_error@std@@
        • String ID: string too long
        • API String ID: 1004598685-2556327735
        • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
        • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,?,1000D3F8,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D34F
        • memmove.MSVCR100 ref: 1000D386
        Strings
        • invalid string position, xrefs: 1000D34A
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: Xout_of_range@std@@memmove
        • String ID: invalid string position
        • API String ID: 1894236298-1799206989
        • Opcode ID: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction ID: 7c4033c306467bb4ef33dfaef203c6491ed6da220de6590d554043c3ccb312a9
        • Opcode Fuzzy Hash: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction Fuzzy Hash: 8F0171B13046008BE721DA6CEC8861EB7E6EBC1680B254A1DE182C764DD671DD828762
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 10005B4A
        • RegCloseKey.ADVAPI32(?), ref: 10005B54
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: Host
        • API String ID: 3132538880-1863695555
        • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction ID: dcad731e8835d6dae927973394ebae374a698fdf24b40fc78b981aaf5b05d5c2
        • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction Fuzzy Hash: A3E0C2B4600254FFE315CF648C9DFBA7B6ADB89301F108380FD459B244CA32DA15C790
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 10005B9A
        • RegCloseKey.ADVAPI32(?), ref: 10005BA4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: BITS
        • API String ID: 3132538880-1135043067
        • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction ID: 335dbc8b6873fe5d047cc230d3b8783f13d6a85026f1eab1c6dcc6bab130e0b3
        • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction Fuzzy Hash: FDE0C2B4600254FFE311CB648C9DFBB7B6ADB89302F108280FC459B255CA32DA11CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42 ref: 00413748
        • SetRect.USER32(?,0000000F,0000000A,0000000A,0000000A), ref: 0041375C
          • Part of subcall function 00410550: #2414.MFC42 ref: 0041056A
          • Part of subcall function 00410550: #2414.MFC42 ref: 00410580
          • Part of subcall function 00410550: #2414.MFC42 ref: 00410596
          • Part of subcall function 00410550: #2414.MFC42 ref: 004105AC
          • Part of subcall function 00410550: GetDeviceCaps.GDI32(?,0000000A), ref: 004105C1
          • Part of subcall function 00410550: GetDeviceCaps.GDI32(?,00000008), ref: 004105CD
          • Part of subcall function 00410550: SetRect.USER32(?,00000000,00000000,00000000,?), ref: 004105E1
          • Part of subcall function 00410550: DPtoLP.GDI32(?,?,00000002), ref: 004105EE
          • Part of subcall function 00410550: #3908.MFC42(?), ref: 00410647
          • Part of subcall function 00410550: #3908.MFC42(?,?), ref: 00410653
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.4081485337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.4081460078.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081530735.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081571757.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.4081595402.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: #2414$#3908CapsDeviceRect$#860
        • String ID: here's the data name
        • API String ID: 3079116590-3511830258
        • Opcode ID: 8619c5fff9c4a79fee2a3775f34b3be6f997dcfe6bfe4b09a72992116e738401
        • Instruction ID: 27673d4f9ffca9e8097bc8676f97decaacbf51bd08d65f14ba44668c9589ae43
        • Opcode Fuzzy Hash: 8619c5fff9c4a79fee2a3775f34b3be6f997dcfe6bfe4b09a72992116e738401
        • Instruction Fuzzy Hash: C8E0DF35600300BAE220EB20DC8AFD7B3A8EB68700F10881EB55A161C0DBB8B980CB25
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
        • memset.MSVCR100 ref: 10005D11
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
        • memcpy.MSVCR100 ref: 10005D39
        Memory Dump Source
        • Source File: 00000000.00000002.4083341351.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.4083314884.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083361006.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083381246.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.4083396896.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_#U67e5#U8be2#U5165#U53e3.jbxd
        Similarity
        • API ID: AllocVirtual$memcpymemset
        • String ID:
        • API String ID: 2542864682-0
        • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
        • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Execution Graph

        Execution Coverage: 6.5%
        Dynamic/Decrypted Code Coverage: 94.1%
        Signature Coverage: 0%
        Total number of Nodes: 1364
        Total number of Limit Nodes: 16
execution_graph
1000cd80 15461->15462 15463 1000c90e memmove 15462->15463 15464 1000c932 ??3@YAXPAX 15463->15464 15465 1000c93c 15463->15465 15464->15465 15465->15452 15467 1000afe2 15466->15467 15470 1000ae82 15466->15470 15469 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15467->15469 15468 10008b50 ?_Incref@facet@locale@std@ 15468->15470 15472 1000a31c 15469->15472 15470->15467 15470->15468 15471 10009b60 36 API calls 15470->15471 15473 1000aed3 ?_Decref@facet@locale@std@@QAEPAV123 15470->15473 15474 1000af1c ??3@YAXPAX 15470->15474 15475 1000af6d ?_Decref@facet@locale@std@@QAEPAV123 15470->15475 15476 1000afb3 ??3@YAXPAX 15470->15476 15471->15470 15472->15321 15473->15470 15474->15470 15475->15470 15476->15470 15478 1000a343 15477->15478 15480 1000b044 15477->15480 15478->15321 15479 1000c760 14 API calls 15479->15480 15480->15478 15480->15479 15482 10008b8b ?_Xlength_error@std@@YAXPBD 15481->15482 15484 10008b96 15481->15484 15482->15484 15483 10008bd2 15483->15326 15484->15483 15486 10008be0 15484->15486 15487 10008c23 15486->15487 15488 10008c18 ?_Xlength_error@std@@YAXPBD 15486->15488 15491 10008c81 15487->15491 15493 10008cd0 15487->15493 15488->15487 15490 10008c41 15490->15491 15492 10008c77 ??3@YAXPAX 15490->15492 15491->15483 15492->15491 15494 10008d22 15493->15494 15495 10008cdc 15493->15495 15494->15490 15496 10008ce4 ??2@YAPAXI 15495->15496 15497 10008cf9 ??0exception@std@@QAE@ABQBD _CxxThrowException 15495->15497 15496->15494 15496->15497 15497->15494 15499 10001111 ceil VirtualAlloc 15498->15499 15500 1000110b 15498->15500 15502 10001170 memcpy 15499->15502 15500->14637 15504 10001199 15502->15504 15505 1000118b VirtualFree 15502->15505 15504->14637 15505->15504 15507 10001071 15506->15507 15508 10001100 4 API calls 15507->15508 15509 10001081 memcpy 15508->15509 15510 10001098 15509->15510 15511 10003290 15510->15511 15515 100032ed 15511->15515 15516 100032ab 15511->15516 15512 1000324f 15517 100011b0 15512->15517 15513 100032f3 
send 15513->15512 15513->15515 15514 100032b2 send 15514->15516 15515->15512 15515->15513 15516->15512 15516->15514 15516->15515 15518 100011bd 15517->15518 15519 100011c6 15518->15519 15520 100011dd ceil 15518->15520 15519->14645 15521 10001215 15520->15521 15522 1000121c VirtualAlloc 15520->15522 15521->14645 15523 10001237 memcpy VirtualFree 15522->15523 15523->14645 15526 1000781c 15525->15526 15527 1000783e 15525->15527 15526->15527 15528 1000d460 15 API calls 15526->15528 15529 1000d240 2 API calls 15527->15529 15528->15527 15530 10007882 15529->15530 15531 100078a2 ??3@YAXPAX 15530->15531 15533 100078ae 15530->15533 15531->15533 15532 100078d2 15535 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15532->15535 15533->15532 15534 100078c9 ??3@YAXPAX 15533->15534 15534->15532 15536 10006dd1 15535->15536 15536->14650 15538 1000d34a ?_Xout_of_range@std@@YAXPBD 15537->15538 15540 1000d355 15537->15540 15538->15540 15539 1000d39e 15539->14658 15540->15539 15541 1000d37b memmove 15540->15541 15541->15539 15543 1000f51e SetThreadDesktop 15542->15543 15545 1000f516 15542->15545 15544 1000f529 CloseDesktop 15543->15544 15543->15545 15544->15545 15546 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15545->15546 15547 1000f55a 15546->15547 15547->14412 15547->14413 15548 10003030 15555 10003053 15548->15555 15549 10003107 15552 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15549->15552 15550 100030fd ??_V@YAXPAX 15550->15549 15551 10003094 select 15551->15555 15556 100030e8 15551->15556 15554 10003114 15552->15554 15553 100030b2 recv 15553->15555 15555->15551 15555->15553 15555->15556 15557 100030d0 _errno 15555->15557 15561 10003390 15555->15561 15556->15549 15556->15550 15557->15555 15559 100030d7 _errno 15557->15559 15559->15555 15560 100030e1 _errno 15559->15560 15560->15555 15560->15556 15562 100033a6 15561->15562 15563 10001100 4 API calls 15562->15563 15564 100033b8 memcpy 
15563->15564 15573 100033d0 15564->15573 15565 10003522 15565->15555 15566 10003507 15567 100011b0 4 API calls 15566->15567 15568 10003519 15567->15568 15568->15555 15569 10003443 timeGetTime 15570 100011b0 4 API calls 15569->15570 15570->15573 15571 10001060 5 API calls 15571->15573 15572 100034cd memmove 15572->15573 15573->15565 15573->15566 15573->15569 15573->15571 15573->15572 15574 100011b0 ceil VirtualAlloc memcpy VirtualFree 15573->15574 15574->15573 15575 10003130 15576 1000317a 15575->15576 15578 10003144 15575->15578 15577 10003158 Sleep 15577->15578 15578->15576 15578->15577 15579 10003190 14 API calls 15578->15579 15579->15578 15580 10011150 15587 10010540 15580->15587 15585 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15586 10011193 15585->15586 15588 100105c0 WSAStartup 15587->15588 15589 1000fc4b 15588->15589 15592 1000fbaa 15589->15592 15591 1000fc58 15591->15585 15599 10010230 15592->15599 15594 1000fbb6 DecodePointer 15595 1000fbd8 7 API calls 15594->15595 15596 1000fbcc _onexit 15594->15596 15600 1000fc42 _unlock 15595->15600 15597 1000fc39 __onexit 15596->15597 15597->15591 15599->15594 15600->15597 15601 30c0000 15604 30c0010 15601->15604 15607 30c0040 15604->15607 15606 30c000a 15626 30c0810 15607->15626 15609 30c0048 15648 30c0430 15609->15648 15611 30c005a 15612 30c0070 15611->15612 15613 30c0063 15611->15613 15676 30c0590 15612->15676 15741 30c0640 15613->15741 15618 30c008f 15679 1000e5c0 OutputDebugStringA OutputDebugStringA GetCommandLineW CommandLineToArgvW memset 15618->15679 15619 30c0082 15620 30c0640 LoadLibraryA 15619->15620 15621 30c0088 15620->15621 15621->15606 15623 30c0640 LoadLibraryA 15624 30c0098 15623->15624 15624->15606 15627 30c08a4 15626->15627 15744 30c07a0 15627->15744 15629 30c1110 15630 30c07a0 LoadLibraryA 15629->15630 15631 30c1131 15630->15631 15632 30c07a0 LoadLibraryA 15631->15632 15633 30c1197 15632->15633 15634 30c07a0 LoadLibraryA 15633->15634 15635 30c11b5 15634->15635 15636 
30c07a0 LoadLibraryA 15635->15636 15637 30c11ff 15636->15637 15638 30c07a0 LoadLibraryA 15637->15638 15639 30c1289 15638->15639 15640 30c07a0 LoadLibraryA 15639->15640 15641 30c12aa 15640->15641 15642 30c07a0 LoadLibraryA 15641->15642 15643 30c12cb 15642->15643 15644 30c07a0 LoadLibraryA 15643->15644 15645 30c12ec 15644->15645 15646 30c07a0 LoadLibraryA 15645->15646 15647 30c13ed 15646->15647 15647->15609 15649 30c0810 LoadLibraryA 15648->15649 15650 30c043a 15649->15650 15651 30c0447 15650->15651 15652 30c0462 VirtualAlloc 15650->15652 15651->15611 15653 30c047a 15652->15653 15654 30c048f 15653->15654 15655 30c04a0 VirtualAlloc VirtualAlloc 15653->15655 15654->15611 15656 30c04e2 15655->15656 15747 30c00b0 15656->15747 15658 30c04fc 15752 30c0300 15658->15752 15661 30c0530 15757 30c0160 15661->15757 15662 30c0520 15663 30c0640 LoadLibraryA 15662->15663 15665 30c0525 15663->15665 15665->15611 15667 30c0574 15667->15611 15668 30c0558 15763 1000ffdc 15668->15763 15669 30c0547 15670 30c0640 LoadLibraryA 15669->15670 15671 30c054d 15670->15671 15671->15611 15673 30c0640 LoadLibraryA 15674 30c0569 15673->15674 15674->15611 15677 30c0810 LoadLibraryA 15676->15677 15678 30c007b 15677->15678 15678->15618 15678->15619 15680 1000e65e 15679->15680 15681 1000e64f ??2@YAPAXI 15679->15681 15806 10005180 RegCreateKeyA 15680->15806 15681->15680 15684 1000e69d 15817 1000de90 15684->15817 15685 1000e75f 15686 1000e764 GetModuleFileNameA 15685->15686 15687 1000e785 15685->15687 15689 1000e742 SetFileAttributesA CreateThread 15686->15689 15690 1000e791 OutputDebugStringA 15687->15690 15691 1000e78a OutputDebugStringA 15687->15691 15689->15690 15947 1000e530 15689->15947 15693 1000e923 15690->15693 15694 1000e7a5 15690->15694 15691->15690 15699 1000eb15 15693->15699 15700 1000e929 OutputDebugStringA _wcsicmp 15693->15700 15696 1000e7cc GetNativeSystemInfo 15694->15696 15697 1000e7ae ??2@YAPAXI 15694->15697 15695 1000de90 105 API calls 15698 1000e6b1 15695->15698 15706 1000e7e2 
15696->15706 15707 1000e7e8 GetSystemWow64DirectoryA 15696->15707 15704 1000e7bd 15697->15704 15705 1000de90 105 API calls 15698->15705 15703 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15699->15703 15701 1000e967 _wcsicmp 15700->15701 15702 1000e94c 15700->15702 15701->15699 15710 1000e981 OutputDebugStringA 15701->15710 15861 1000dc20 15702->15861 15711 30c0092 15703->15711 15704->15696 15712 1000e6bb 15705->15712 15706->15707 15713 1000e7fd GetSystemDirectoryA 15706->15713 15708 1000e810 OutputDebugStringA 15707->15708 15714 1000e820 15708->15714 15715 1000e9b5 GetNativeSystemInfo 15710->15715 15716 1000e997 ??2@YAPAXI 15710->15716 15711->15623 15717 1000de90 105 API calls 15712->15717 15713->15708 15714->15714 15718 1000e828 SHGetFolderPathA sprintf_s CopyFileA 15714->15718 15719 1000e9d1 GetSystemWow64DirectoryA 15715->15719 15720 1000e9cb 15715->15720 15724 1000e9a6 15716->15724 15721 1000e6c5 15717->15721 15723 1000e8a4 15718->15723 15726 1000e9f9 OutputDebugStringA 15719->15726 15720->15719 15725 1000e9e6 GetSystemDirectoryA 15720->15725 15722 1000de90 105 API calls 15721->15722 15727 1000e6cf SHGetFolderPathA GetModuleFileNameA sprintf_s CopyFileA 15722->15727 15723->15723 15728 1000e8ac OutputDebugStringA 15723->15728 15724->15715 15725->15726 15729 1000ea08 15726->15729 15727->15689 15730 1000e8e8 15728->15730 15731 1000e8d9 ??2@YAPAXI 15728->15731 15729->15729 15732 1000ea10 SHGetFolderPathA sprintf_s CopyFileA 15729->15732 15867 100052b0 OutputDebugStringA memset OutputDebugStringA CreateProcessA 15730->15867 15731->15730 15734 1000ea90 15732->15734 15734->15734 15735 1000ea98 OutputDebugStringA OutputDebugStringA 15734->15735 15737 1000eacc ??2@YAPAXI 15735->15737 15738 1000eadb 15735->15738 15736 1000e908 15739 1000e915 CloseHandle ExitProcess 15736->15739 15740 1000eb0f CloseHandle 15736->15740 15737->15738 15738->15740 15740->15699 15742 30c0810 LoadLibraryA 15741->15742 15743 30c0069 15742->15743 15743->15606 15745 
30c07a8 15744->15745 15746 30c07f4 LoadLibraryA 15745->15746 15746->15629 15748 30c0810 LoadLibraryA 15747->15748 15750 30c00c0 15748->15750 15749 30c0159 15749->15658 15750->15749 15751 30c0111 VirtualAlloc 15750->15751 15751->15750 15753 30c0810 LoadLibraryA 15752->15753 15756 30c031c 15753->15756 15754 30c07a0 LoadLibraryA 15754->15756 15755 30c0404 15755->15661 15755->15662 15756->15754 15756->15755 15758 30c0810 LoadLibraryA 15757->15758 15762 30c0169 15758->15762 15759 30c026d 15759->15667 15759->15668 15759->15669 15760 30c01b3 VirtualFree 15760->15762 15761 30c023b VirtualProtect 15761->15762 15762->15759 15762->15760 15762->15761 15764 1000ffe7 15763->15764 15765 1000ffec 15763->15765 15777 10010474 15764->15777 15769 1000fec6 15765->15769 15768 30c055f 15768->15667 15768->15673 15770 1000fed2 __onexit 15769->15770 15771 1000fef9 ___DllMainCRTStartup __onexit 15770->15771 15775 1000ff2d ___DllMainCRTStartup 15770->15775 15781 1000fcbc 15770->15781 15771->15768 15773 1000ff5d 15773->15771 15774 1000fcbc __CRT_INIT@12 19 API calls 15773->15774 15774->15771 15775->15771 15775->15773 15776 1000fcbc __CRT_INIT@12 19 API calls 15775->15776 15776->15773 15778 100104a6 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 15777->15778 15779 10010499 15777->15779 15780 1001049d 15778->15780 15779->15778 15779->15780 15780->15765 15782 1000fccd 15781->15782 15783 1000fcff 15781->15783 15784 1000fde2 InterlockedCompareExchange 15782->15784 15787 1000fdec 15782->15787 15789 1000fdd7 Sleep 15782->15789 15802 1000fcf8 __IsNonwritableInCurrentImage 15782->15802 15785 1000fd35 InterlockedCompareExchange 15783->15785 15786 1000fd3d 15783->15786 15788 1000fd28 Sleep 15783->15788 15783->15802 15784->15782 15784->15787 15785->15783 15785->15786 15790 1000fd52 _amsg_exit 15786->15790 15791 1000fd5b _initterm_e 15786->15791 15792 1000fe0c DecodePointer 15787->15792 15793 1000fdff _amsg_exit 15787->15793 15788->15785 15789->15784 
15794 1000fd94 15790->15794 15795 1000fd7e _initterm 15791->15795 15791->15802 15796 1000fe25 DecodePointer 15792->15796 15797 1000fea8 15792->15797 15793->15802 15800 1000fd9c InterlockedExchange 15794->15800 15794->15802 15795->15794 15798 1000fe38 15796->15798 15799 1000feb4 InterlockedExchange 15797->15799 15797->15802 15801 1000fe8e free _encoded_null 15798->15801 15803 1000fe45 _encoded_null 15798->15803 15799->15802 15800->15802 15801->15797 15802->15775 15803->15798 15804 1000fe4f DecodePointer _encoded_null 15803->15804 15805 1000fe61 DecodePointer DecodePointer 15804->15805 15805->15798 15807 10005291 15806->15807 15808 100051c4 RegQueryValueExA 15806->15808 15810 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15807->15810 15809 100051f8 15808->15809 15811 10005234 RegQueryValueExA 15809->15811 15813 10005217 RegSetValueExA 15809->15813 15812 100052a2 15810->15812 15814 10005262 15811->15814 15815 1000526b RegSetValueExA 15811->15815 15812->15684 15812->15685 15813->15811 15814->15815 15816 10005284 RegCloseKey 15814->15816 15815->15816 15816->15807 15887 10005720 CreateToolhelp32Snapshot Process32First 15817->15887 15820 1000deb5 OpenProcess 15821 1000e37b 15820->15821 15823 1000ded0 OpenProcessToken 15820->15823 15822 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15821->15822 15824 1000e388 15822->15824 15825 1000e374 CloseHandle 15823->15825 15826 1000dee8 LookupPrivilegeValueA AdjustTokenPrivileges AdjustTokenPrivileges LookupPrivilegeValueA 15823->15826 15824->15695 15825->15821 15827 1000df64 AdjustTokenPrivileges 15826->15827 15828 1000df88 LookupPrivilegeValueA 15826->15828 15827->15828 15829 1000dfa3 AdjustTokenPrivileges 15828->15829 15830 1000dfc7 LookupPrivilegeValueA 15828->15830 15829->15830 15831 1000dfe2 AdjustTokenPrivileges 15830->15831 15832 1000e006 LookupPrivilegeValueA 15830->15832 15831->15832 15833 1000e021 AdjustTokenPrivileges 15832->15833 15834 1000e045 
LookupPrivilegeValueA 15832->15834 15833->15834 15835 1000e060 AdjustTokenPrivileges 15834->15835 15836 1000e084 LookupPrivilegeValueA 15834->15836 15835->15836 15837 1000e0c3 LookupPrivilegeValueA 15836->15837 15838 1000e09f AdjustTokenPrivileges 15836->15838 15839 1000e102 LookupPrivilegeValueA 15837->15839 15840 1000e0de AdjustTokenPrivileges 15837->15840 15838->15837 15841 1000e141 LookupPrivilegeValueA 15839->15841 15842 1000e11d AdjustTokenPrivileges 15839->15842 15840->15839 15843 1000e180 LookupPrivilegeValueA 15841->15843 15844 1000e15c AdjustTokenPrivileges 15841->15844 15842->15841 15845 1000e19b AdjustTokenPrivileges 15843->15845 15846 1000e1bf LookupPrivilegeValueA 15843->15846 15844->15843 15845->15846 15847 1000e1da AdjustTokenPrivileges 15846->15847 15848 1000e1fe LookupPrivilegeValueA 15846->15848 15847->15848 15849 1000e219 AdjustTokenPrivileges 15848->15849 15850 1000e23d LookupPrivilegeValueA 15848->15850 15849->15850 15851 1000e258 AdjustTokenPrivileges 15850->15851 15852 1000e27c LookupPrivilegeValueA 15850->15852 15851->15852 15853 1000e297 AdjustTokenPrivileges 15852->15853 15854 1000e2bb GetLengthSid SetTokenInformation 15852->15854 15853->15854 15895 1000dd00 CreateToolhelp32Snapshot Thread32First 15854->15895 15856 1000e303 15857 1000e315 PostThreadMessageA 15856->15857 15858 1000e336 TerminateProcess AdjustTokenPrivileges CloseHandle 15856->15858 15857->15857 15857->15858 15859 1000e371 15858->15859 15860 1000e367 ??3@YAXPAX 15858->15860 15859->15825 15860->15859 15862 1000dc6d 6 API calls 15861->15862 15863 1000dc4f ??2@YAPAXI 15861->15863 15864 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15862->15864 15865 1000dc5e 15863->15865 15866 1000dcf0 15864->15866 15865->15862 15868 100054c5 OutputDebugStringA SuspendThread OutputDebugStringA VirtualAllocEx 15867->15868 15869 1000536c memset 15867->15869 15870 10005500 OutputDebugStringA WriteProcessMemory 15868->15870 15871 100054b2 15868->15871 15872 100053ad 
GetNativeSystemInfo 15869->15872 15873 1000538f ??2@YAPAXI 15869->15873 15870->15871 15875 10005526 OutputDebugStringA QueueUserAPC ResumeThread 15870->15875 15874 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15871->15874 15876 100053c7 15872->15876 15877 100053cd GetSystemWow64DirectoryA 15872->15877 15881 1000539e 15873->15881 15879 100054c1 15874->15879 15880 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15875->15880 15876->15877 15882 100053e1 GetSystemDirectoryA 15876->15882 15878 100053f3 OutputDebugStringA 15877->15878 15883 10005401 15878->15883 15879->15736 15884 1000555b 15880->15884 15881->15872 15882->15878 15883->15883 15885 10005409 SHGetFolderPathA sprintf_s CopyFileA CreateProcessA 15883->15885 15884->15736 15885->15868 15886 1000549a CloseHandle CloseHandle 15885->15886 15886->15871 15888 1000575e 15887->15888 15889 1000578f FindCloseChangeNotification 15887->15889 15891 10005760 _mbsicmp 15888->15891 15890 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15889->15890 15894 100057a4 15890->15894 15892 10005775 Process32Next 15891->15892 15893 10005787 15891->15893 15892->15891 15892->15893 15893->15889 15894->15820 15894->15821 15896 1000de50 CloseHandle 15895->15896 15897 1000dd6f 15895->15897 15898 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15896->15898 15900 1000de3d Thread32Next 15897->15900 15901 1000de75 ?_Xlength_error@std@@YAXPBD 15897->15901 15909 10006370 6 API calls 15897->15909 15899 1000de71 15898->15899 15899->15856 15900->15896 15900->15897 15902 1000de90 15901->15902 15903 10005720 12 API calls 15902->15903 15904 1000deaa 15903->15904 15905 1000deb5 OpenProcess 15904->15905 15906 1000e37b 15904->15906 15905->15906 15908 1000ded0 OpenProcessToken 15905->15908 15907 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15906->15907 15910 1000e388 15907->15910 15911 1000e374 CloseHandle 
15908->15911 15912 1000dee8 LookupPrivilegeValueA AdjustTokenPrivileges AdjustTokenPrivileges LookupPrivilegeValueA 15908->15912 15909->15897 15910->15856 15911->15906 15913 1000df64 AdjustTokenPrivileges 15912->15913 15914 1000df88 LookupPrivilegeValueA 15912->15914 15913->15914 15915 1000dfa3 AdjustTokenPrivileges 15914->15915 15916 1000dfc7 LookupPrivilegeValueA 15914->15916 15915->15916 15917 1000dfe2 AdjustTokenPrivileges 15916->15917 15918 1000e006 LookupPrivilegeValueA 15916->15918 15917->15918 15919 1000e021 AdjustTokenPrivileges 15918->15919 15920 1000e045 LookupPrivilegeValueA 15918->15920 15919->15920 15921 1000e060 AdjustTokenPrivileges 15920->15921 15922 1000e084 LookupPrivilegeValueA 15920->15922 15921->15922 15923 1000e0c3 LookupPrivilegeValueA 15922->15923 15924 1000e09f AdjustTokenPrivileges 15922->15924 15925 1000e102 LookupPrivilegeValueA 15923->15925 15926 1000e0de AdjustTokenPrivileges 15923->15926 15924->15923 15927 1000e141 LookupPrivilegeValueA 15925->15927 15928 1000e11d AdjustTokenPrivileges 15925->15928 15926->15925 15929 1000e180 LookupPrivilegeValueA 15927->15929 15930 1000e15c AdjustTokenPrivileges 15927->15930 15928->15927 15931 1000e19b AdjustTokenPrivileges 15929->15931 15932 1000e1bf LookupPrivilegeValueA 15929->15932 15930->15929 15931->15932 15933 1000e1da AdjustTokenPrivileges 15932->15933 15934 1000e1fe LookupPrivilegeValueA 15932->15934 15933->15934 15935 1000e219 AdjustTokenPrivileges 15934->15935 15936 1000e23d LookupPrivilegeValueA 15934->15936 15935->15936 15937 1000e258 AdjustTokenPrivileges 15936->15937 15938 1000e27c LookupPrivilegeValueA 15936->15938 15937->15938 15939 1000e297 AdjustTokenPrivileges 15938->15939 15940 1000e2bb GetLengthSid SetTokenInformation 15938->15940 15939->15940 15941 1000dd00 18 API calls 15940->15941 15942 1000e303 15941->15942 15943 1000e315 PostThreadMessageA 15942->15943 15944 1000e336 TerminateProcess AdjustTokenPrivileges CloseHandle 15942->15944 15943->15943 15943->15944 15945 1000e371 
15944->15945 15946 1000e367 ??3@YAXPAX 15944->15946 15945->15911 15946->15945 15948 1000e550 RegOpenKeyExA 15947->15948 15949 1000e5ab 15948->15949 15950 1000e56c RegQueryValueExA 15948->15950 15955 1000e390 SHGetFolderPathA GetModuleFileNameA sprintf_s sprintf_s RegOpenKeyExA 15949->15955 15951 1000e5a0 RegCloseKey 15950->15951 15952 1000e588 RegCloseKey Sleep 15950->15952 15951->15949 15952->15948 15954 1000e5b0 Sleep 15954->15948 15956 1000e484 OutputDebugStringA RegOpenKeyExA 15955->15956 15957 1000e435 RegQueryValueExA 15955->15957 15960 1000e518 15956->15960 15961 1000e4ad 15956->15961 15958 1000e462 RegCloseKey 15957->15958 15959 1000e47b RegCloseKey 15957->15959 15962 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15958->15962 15959->15956 15963 1000fb3c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 7 API calls 15960->15963 15964 1000de90 105 API calls 15961->15964 15965 1000e477 15962->15965 15966 1000e524 15963->15966 15967 1000e4b7 15964->15967 15965->15954 15966->15954 15968 1000de90 105 API calls 15967->15968 15969 1000e4c1 15968->15969 15970 1000de90 105 API calls 15969->15970 15971 1000e4cb 15970->15971 15972 1000de90 105 API calls 15971->15972 15973 1000e4d5 15972->15973 15974 1000de90 105 API calls 15973->15974 15975 1000e4df RegSetValueExA RegCloseKey 15974->15975 15975->15960

        Control-flow Graph

        • Executed
        • Not Executed
        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
        • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
        • CloseHandle.KERNEL32(00000000), ref: 1000DE51
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
        • API String ID: 1580616088-3994885262
        • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
        • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
          • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
          • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
          • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
          • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
          • Part of subcall function 10005720: FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,74DE9350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,74DE9350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,74DE9350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,74DE9350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,74DE9350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,74DE9350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,74DE9350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
        • API String ID: 2285828341-3151685581
        • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
        • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetModuleHandleW.KERNEL32(NTDLL,1E019B90), ref: 100069D5
        • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
        • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
        • memset.MSVCR100 ref: 10006A10
        • memset.MSVCR100 ref: 10006A22
        • gethostname.WS2_32(?,00000100), ref: 10006A36
        • gethostbyname.WS2_32(?), ref: 10006A43
        • inet_ntoa.WS2_32 ref: 10006A5B
        • strcat_s.MSVCR100 ref: 10006A74
        • strcat_s.MSVCR100 ref: 10006A8A
        • inet_ntoa.WS2_32 ref: 10006AAA
        • strcat_s.MSVCR100 ref: 10006ABD
        • strcat_s.MSVCR100 ref: 10006AD7
        • inet_addr.WS2_32(?), ref: 10006AF5
        • wsprintfA.USER32 ref: 10006B2E
        • OutputDebugStringA.KERNEL32(?), ref: 10006B45
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
        • strncpy.MSVCR100 ref: 10006E6B
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
        • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
        • strncpy.MSVCR100 ref: 1000713E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
        • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
        • RegQueryValueExA.KERNEL32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
        • wsprintfA.USER32 ref: 10007204
        • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
        • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
        • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
        • wsprintfA.USER32 ref: 100072AD
        • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
        • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
        • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
        • API String ID: 941699131-3408092411
        • Opcode ID: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction ID: 5937c9bef880f8db1bb605a9ff32026a22730c05f7b93559c92fa2109faa8b67
        • Opcode Fuzzy Hash: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction Fuzzy Hash: 446256B1D012699FEB25DF28CC84A9DB7B5FB48340F4185E9E54DA7242DB70AE84CF90
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • OutputDebugStringA.KERNEL32(dll run), ref: 1000E5EF
        • OutputDebugStringA.KERNEL32(dll run2), ref: 1000E5F6
        • GetCommandLineW.KERNEL32 ref: 1000E616
        • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
        • memset.MSVCR100 ref: 1000E63E
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
        • sprintf_s.MSVCR100 ref: 1000E714
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
        • SetFileAttributesA.KERNEL32(?,00000002), ref: 1000E742
        • CreateThread.KERNEL32(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
        • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
        • OutputDebugStringA.KERNEL32(dll run3), ref: 1000E796
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E7D1
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E815
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
        • sprintf_s.MSVCR100 ref: 1000E87B
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
        • OutputDebugStringA.KERNEL32(?), ref: 1000E8CE
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
        • CloseHandle.KERNEL32(00000000), ref: 1000E915
        • ExitProcess.KERNEL32 ref: 1000E91D
        • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
        • _wcsicmp.MSVCR100 ref: 1000E943
        • _wcsicmp.MSVCR100 ref: 1000E974
        • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
        • sprintf_s.MSVCR100 ref: 1000EA63
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
        • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
        • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
          • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
          • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CD7086A), ref: 1000DC8B
          • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(?), ref: 1000DCD4
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderHandlePathsprintf_s$CommandCreateInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesEventExitProcessThread_beginthreadexmemset
        • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
        • API String ID: 1866755600-3018988614
        • Opcode ID: d5f84046543b8348c1f5e72567a90c4764cb23b4357569a304995b6c00c203f1
        • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
        • Opcode Fuzzy Hash: d5f84046543b8348c1f5e72567a90c4764cb23b4357569a304995b6c00c203f1
        • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • ResetEvent.KERNEL32(?), ref: 10002E7C
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
        • timeGetTime.WINMM ref: 10002E8E
        • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
        • gethostbyname.WS2_32(?), ref: 10002EDF
        • htons.WS2_32(?), ref: 10002EF8
        • connect.WS2_32(?,?,00000010), ref: 10002F16
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
        • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
        • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
        • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
        • _beginthreadex.MSVCR100 ref: 10002FF6
        • _beginthreadex.MSVCR100 ref: 1000300B
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 2079111011-3203441087
        • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
        • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • memset.MSVCR100 ref: 1000F659
        • memset.MSVCR100 ref: 1000F66C
        • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 1000F68F
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Closememset$Open
        • String ID: %08X$Host
        • API String ID: 4198983563-2867006347
        • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
        • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • wsprintfA.USER32 ref: 1000DA17
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
        • GetLastError.KERNEL32 ref: 1000DA38
        • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
        • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
        • exit.MSVCR100 ref: 1000DA55
        • GetTickCount.KERNEL32 ref: 1000DAA0
        • GetTickCount.KERNEL32 ref: 1000DABB
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
        • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
        • CloseHandle.KERNEL32(?), ref: 1000DBE8
        • CloseHandle.KERNEL32(?), ref: 1000DC0B
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
        • String ID: %d:%d$206.238.115.95
        • API String ID: 3209965405-3334109357
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
        • InternetCloseHandle.WININET(00000000), ref: 10006861
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
        • InternetCloseHandle.WININET(00000000), ref: 10006929
        • InternetCloseHandle.WININET(00000000), ref: 1000692C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
        • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
        • API String ID: 3920785804-909499719
        • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
        • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Legend: Executed / Not Executed (node colouring is not preserved in this text export; blocks are listed with their API calls, then their successors)
        • 428: 10005180-100051be, RegCreateKeyA -> 429, 430
        • 429: 10005291-100052a5, call 1000fb3c
        • 430: 100051c4-100051f6, RegQueryValueExA -> 431, 432
        • 431: 10005201-1000520a -> 435
        • 432: 100051f8-100051ff -> 431, 434
        • 434: 10005234-10005260, RegQueryValueExA -> 438, 439
        • 435: 10005210-10005215 -> 435 (self-loop), 437
        • 437: 10005217-10005232, RegSetValueExA -> 434
        • 438: 10005262-10005269 -> 439, 440
        • 439: 1000526b-10005282, RegSetValueExA -> 440
        • 440: 10005284-1000528b, RegCloseKey -> 429
        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
        • RegQueryValueExA.KERNEL32(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
        • RegQueryValueExA.KERNEL32(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
        • RegCloseKey.KERNEL32(?,?,?), ref: 1000528B
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Value$Query$CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2357964129-2174744495
        • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
        • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Legend: Executed / Not Executed (node colouring is not preserved in this text export; blocks are listed with their API calls, then their successors)
        • 441: 10006480-100064eb, memset * 2 -> 442, 443
        • 442: 1000650b-10006530, call 1000f5f0, lstrlenA -> 449, 450
        • 443: 100064ed-100064fa, ??2@YAPAXI@Z -> 444, 445
        • 444: 10006504 -> 447
        • 445: 100064fc-10006502 -> 447
        • 447: 10006506 -> 442
        • 449: 10006532-10006538, gethostname -> 450
        • 450: 1000653e-1000654f, lstrlenA, call 1000fb3c
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: lstrlenmemset$??2@gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1496828540-2058306683
        • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
        • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Legend: Executed / Not Executed (node colouring is not preserved in this text export; blocks are listed with their API calls, then their successors)
        • 453: 1000e530-1000e547 -> 454
        • 454: 1000e550-1000e56a, RegOpenKeyExA -> 455, 456
        • 455: 1000e5ab-1000e5bb, call 1000e390, Sleep -> 454
        • 456: 1000e56c-1000e586, RegQueryValueExA -> 457, 458
        • 457: 1000e5a0-1000e5a5, RegCloseKey -> 455
        • 458: 1000e588-1000e59e, RegCloseKey, Sleep -> 454
        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.KERNEL32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.ADVAPI32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
        • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
        • Opcode Fuzzy Hash: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
        • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
        Uniqueness

        Uniqueness Score: -1.00%
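
        The function listings above expose a small set of host and network indicators: function 10005180 creates HKLM\SYSTEM\Setup and writes the REG_SZ values BITS and Host (the Host write passes cbData = 1, so at most an empty string); function 1000e530 opens HKLM\Software\Microsoft\Windows\CurrentVersion\Run with KEY_READ (0x20019) and polls the value IsSystemUpgradeComponentRegistered with Sleep(0xBB8), i.e. 3 s, between iterations; the string 206.238.115.95 is referenced next to the CreateMutexA / "%d:%d" code at 1000DA17-1000DC0B; and InternetOpenA at 1000680C is called with HTTPGET as its lpszAgent (user agent) string. The Python script below is an added triage example, not part of the Joe Sandbox report or of the sample, that matches those indicators against constructed Sysmon-style and proxy log lines. The log format, the msiexec.exe image path, the registry data values and the benign lines are assumptions made for the demonstration.

```python
"""Added triage example (not from the Joe Sandbox report or the sample): match the
registry, C2-address and user-agent indicators taken from the function listings
against constructed Sysmon-style and proxy log lines."""
import re
from dataclasses import dataclass

# Indicators copied from the function listings in this report.
REGISTRY_VALUES = {
    # 10005180: RegCreateKeyA(HKLM, "SYSTEM\Setup"), then RegSetValueExA for "BITS" and "Host"
    r"HKLM\SYSTEM\Setup\BITS": "config value written by function 10005180",
    r"HKLM\SYSTEM\Setup\Host": "config value written by function 10005180",
    # 1000e530: RegOpenKeyExA(HKLM, Run, KEY_READ) + RegQueryValueExA in a loop, Sleep(0xBB8) = 3 s
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IsSystemUpgradeComponentRegistered":
        "Run-key value polled every 3 s by function 1000e530",
}
C2_ADDRESS = "206.238.115.95"  # string referenced by the CreateMutexA / %d:%d code at 1000DA17-1000DC0B
USER_AGENT = "HTTPGET"         # lpszAgent argument of InternetOpenA at 1000680C

# Constructed sample telemetry, not real logs: key=value pairs, values with spaces quoted.
# The image path, the registry data ("x") and the benign lines are assumptions for the demo.
SAMPLE_LOGS = [
    r'EventID=13 Image="C:\Windows\SysWOW64\msiexec.exe" TargetObject=HKLM\SYSTEM\Setup\BITS Details=x',
    r'EventID=13 Image="C:\Windows\SysWOW64\msiexec.exe" TargetObject=HKLM\SYSTEM\Setup\Host Details=x',
    r'EventID=13 Image="C:\Windows\System32\svchost.exe" TargetObject=HKLM\SYSTEM\Setup\SetupType Details=0',
    r'EventID=13 Image="C:\Windows\SysWOW64\msiexec.exe" TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IsSystemUpgradeComponentRegistered Details=x',
    r'EventID=3 Image="C:\Windows\SysWOW64\msiexec.exe" DestinationIp=206.238.115.95',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=93.184.216.34',
    r'proxy src=10.0.0.5 dst=203.0.113.10 method=GET ua="HTTPGET" url=http://203.0.113.10/',
    r'proxy src=10.0.0.5 dst=203.0.113.10 method=GET ua="Mozilla/5.0" url=http://203.0.113.10/',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict:
    """Split a log line into key/value pairs; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    reason: str


# Registry paths are compared case-insensitively, as the registry itself is.
_REG_LOOKUP = {path.lower(): (path, reason) for path, reason in REGISTRY_VALUES.items()}


def scan(lines) -> list:
    """Return one Hit per indicator match, in log order."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        kv = parse_kv(line)
        target = kv.get("TargetObject", "")
        if target.lower() in _REG_LOOKUP:
            path, reason = _REG_LOOKUP[target.lower()]
            hits.append(Hit(line_no, path, reason))
        if kv.get("DestinationIp") == C2_ADDRESS:
            hits.append(Hit(line_no, C2_ADDRESS, "embedded C2 address contacted"))
        if kv.get("ua") == USER_AGENT:
            hits.append(Hit(line_no, USER_AGENT, "WinINet user agent passed to InternetOpenA"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.indicator} ({hit.reason})")
```

        Run as a script it prints one line per match on the constructed input (lines 1, 2, 4, 5 and 7). The comparisons are exact on the value path, the address and the user agent; the 360Tray.exe lookup in function 10005720 is an evasion condition evaluated inside the sample rather than something that appears in endpoint logs, so it is not a matching rule here.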

        Control-flow Graph

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,1E019B90,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,1E019B90,?,74DF2F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
        • String ID:
        • API String ID: 2486110213-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Legend: Executed / Not Executed (node colouring is not preserved in this text export; blocks are listed with their API calls, then their successors)
        • 486: 30c07a0-30c0801, call 30c06d0, call 30c0780, LoadLibraryA
        APIs
        • LoadLibraryA.KERNEL32(?,00000000,00000072), ref: 030C07FC
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID: A$b$d$i$o$y
        • API String ID: 1029625771-4132616007
        • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction ID: 7ca363e7d9f4d013dc345f6f26eca8808526fd82913c31ec761ea2d7fa8974c2
        • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction Fuzzy Hash: 03F0745400D3C1EAE302E768944569BBED61BE2644F48CD8CE4D81B242D2BA865CC7B3
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CD7086A), ref: 1000DC8B
        • _beginthreadex.MSVCR100 ref: 1000DCAB
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • CloseHandle.KERNEL32(?), ref: 1000DCD4
        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseHandleObjectSingleWait$??2@CreateEvent_beginthreadex
        • String ID:
        • API String ID: 2512375702-0
        • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
        • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Legend: Executed / Not Executed (node colouring is not preserved in this text export; blocks are listed with their API calls, then their successors)
        • 499: 10005720-1000575c, CreateToolhelp32Snapshot, Process32First -> 500, 501
        • 500: 1000575e -> 503
        • 501: 1000578f-100057a7, FindCloseChangeNotification, call 1000fb3c
        • 503: 10005760-10005773, _mbsicmp -> 504, 505
        • 504: 10005775-10005785, Process32Next -> 503, 507
        • 505: 10005789 -> 501
        • 507: 10005787 -> 501
        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • _mbsicmp.MSVCR100 ref: 10005768
        • Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
        • String ID: 360Tray.exe
        • API String ID: 169230292-3639442380
        • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
        • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.KERNEL32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.ADVAPI32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
        • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
        • Opcode Fuzzy Hash: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
        • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: _errno$recvselect
        • String ID:
        • API String ID: 4102763267-0
        • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
        • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??2@lstrlenmemset
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 3680187532-3074452007
        • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
        • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 030C01C4
        • VirtualProtect.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 030C024A
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Virtual$FreeProtect
        • String ID: $@
        • API String ID: 2581862158-1077428164
        • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction ID: 5db3538aa59693fd39da698602c9c6b22a6f2a7d208534c7b6bf307969cb74cf
        • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction Fuzzy Hash: 803156B0615341DFD758CF18C494BAEB7E6BF88708F44890CE98A9B280D375E945CB92
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 100011E9
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
        • memcpy.MSVCR100 ref: 10001243
        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 10001256
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
        • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 1000112F
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
        • memcpy.MSVCR100 ref: 1000117C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
        • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Timememcpymemmovetime
        • String ID:
        • API String ID: 4274353191-0
        • Opcode ID: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
        • Instruction ID: afecd50a7c454d311ed32d302ad4081b02eea8efc9c71ac32c660e33d9f65598
        • Opcode Fuzzy Hash: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
        • Instruction Fuzzy Hash: 3F51AF767006029FE716CF69C8C0A9BB7A9FF48294B15C62CE9598B709DB31FC51CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 1000319B
        • InterlockedExchange.KERNEL32(?,00000001), ref: 100031B3
        • GetCurrentThreadId.KERNEL32 ref: 1000325F
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CurrentThread$ExchangeInterlocked
        • String ID:
        • API String ID: 4033114805-0
        • Opcode ID: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
        • Instruction ID: 92f6bba2800e62d8b85ec8c1807ef17e1ec769a13b423f36a60faff404f1ae5a
        • Opcode Fuzzy Hash: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
        • Instruction Fuzzy Hash: 87318C702006029FE719CF69C981A9BB7E8FF48784B10C52DE95ACB65AD731FC91CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction ID: 76ea01c7203a1e5215e19818efc80d5909405ad1c8965417e9256f59c923dec0
        • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction Fuzzy Hash: 7141D2B6312200AFE750DF68EC84BAFB3E8EFC4226F14456DFA05CA641EB71D801C661
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • send.WS2_32(?,?,00040000,00000000), ref: 100032C1
        • send.WS2_32(?,?,?,00000000), ref: 100032FE
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: send
        • String ID:
        • API String ID: 2809346765-0
        • Opcode ID: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
        • Instruction ID: 1deb385b20d9e394e8c28e3a722fddd06f86f9e1ae6173c74813b045a65b48b2
        • Opcode Fuzzy Hash: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
        • Instruction Fuzzy Hash: 4211E572B01304ABF751CA6ACCC1B4FB79CEB513E4F10C021EA09D7145D670EE519650
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • HeapCreate.KERNEL32(00000004,00000000,00000000,?,00000000,1000F180,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE1B
        • free.MSVCR100(?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE56
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CreateCriticalDeleteExceptionHeapSectionThrowfree
        • String ID:
        • API String ID: 3340481177-0
        • Opcode ID: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
        • Instruction ID: 575860950ea909c0a9de24c01ecb41454bad4fa3f9112aa4f70152feecff987d
        • Opcode Fuzzy Hash: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
        • Instruction Fuzzy Hash: 6C0160F0A00B449FD720CF2AC884647FAE8FB98740B104A1EE6DAC7A20D370A545CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Sleep
        • String ID: f
        • API String ID: 3472027048-1993550816
        • Opcode ID: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
        • Instruction ID: c7e15cd3906b8e7a7d059bf332d29cd3d7d3b3c8f0e640a517aa160ad10b5107
        • Opcode Fuzzy Hash: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
        • Instruction Fuzzy Hash: 6AF09031604219ABE302CF95C8C4BAAF3BDFBA9395F118128E50947290C371AD96C7E1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
        • RegCloseKey.ADVAPI32(?), ref: 1000F870
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Close
        • String ID:
        • API String ID: 3535843008-0
        • Opcode ID: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
        • Instruction ID: 4fc03b5113f31ef1954081eaa79b0761770d9ff5f927f98be152c15ce724a811
        • Opcode Fuzzy Hash: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
        • Instruction Fuzzy Hash: B1C09B71D1513897CB14F754FC8495977755B8C300F11C1C5A104731548734FE51DF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetEvent.KERNEL32(?,1E019B90), ref: 1000F3F2
          • Part of subcall function 1000F560: OpenInputDesktop.USER32(00000000,00000000,000001FF), ref: 1000F5A3
          • Part of subcall function 1000F560: CloseDesktop.USER32(00000000), ref: 1000F5BB
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Desktop$CloseEventInputOpen
        • String ID:
        • API String ID: 319684186-0
        • Opcode ID: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
        • Instruction ID: 0b4f54108e71b58abfbf2b913fcca8459eb83f82172870ac95fb5b270e60f150
        • Opcode Fuzzy Hash: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
        • Instruction Fuzzy Hash: C4018C76A00218AFC700CF68CD80F9ABBF8FB4D660F00816AFA04D7750D731A9008BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAStartup.WS2_32(00000202), ref: 1001116E
          • Part of subcall function 1000FC4B: __onexit.MSVCRT ref: 1000FC53
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Startup__onexit
        • String ID:
        • API String ID: 1034835647-0
        • Opcode ID: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
        • Instruction ID: 37bb70fb8f6ff2c505897149bc16272910b5e66b9ecbd68bd4162a41f6be33dc
        • Opcode Fuzzy Hash: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
        • Instruction Fuzzy Hash: 34E04F74A01208ABE704DBE5CD5799EB7A4EB0C240F50406DFA09DB351EA31FB549A96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,00000000,00000000,00000000,?,030C04FC,?,?,00000000,?,?,?), ref: 030C0121
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction ID: 10772095356f75514ab6c36c7ef6bdc8b8259789bc353b6603ef8f3f92bae8d4
        • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction Fuzzy Hash: F42147B5600201AFE314CF18DC85B6AF3E9FF88315F15886DF9958B241D7B1E895CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVersionExW.KERNEL32(?), ref: 007D6434
        • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 007D6456
        • NtQueryInformationProcess.NTDLL ref: 007D645D
        • GetCommandLineW.KERNEL32 ref: 007D649F
        • GetStdHandle.KERNEL32(000000F5), ref: 007D64F3
        • GetFileType.KERNEL32(00000000), ref: 007D6504
        • memset.MSVCRT ref: 007D652B
        • memset.MSVCRT ref: 007D653D
        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 007D661D
        • RegCloseKey.ADVAPI32(?,?), ref: 007D6649
        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 007D6672
        • RegCloseKey.ADVAPI32(?), ref: 007D667E
        • CompareStringW.KERNEL32(00000409,?,00000002,?,007D1994,000000FF), ref: 007D68CA
        • CompareStringW.KERNEL32(00000409,00000001,00000002,?,package,?), ref: 007D68F9
        • CompareStringW.KERNEL32(00000409,00000001,00000002,?,007D17F0,000000FF), ref: 007D69BB
        • memset.MSVCRT ref: 007D6B2C
        • GlobalFree.KERNEL32(?), ref: 007D6BA4
        • lstrlenW.KERNEL32(?,00000063,?), ref: 007D6C69
        • GlobalFree.KERNEL32(00000000), ref: 007D6F6C
        • CoInitialize.OLE32(00000000), ref: 007D70D8
        • CoRegisterClassObject.OLE32(007D25E0,007DB064,00000004,00000001,007DC6AC), ref: 007D710F
        • GetCurrentThread.KERNEL32 ref: 007D7225
        • OpenThreadToken.ADVAPI32(00000000), ref: 007D722C
        • GetLastError.KERNEL32 ref: 007D723F
        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007D7CAE
        • TranslateMessage.USER32(?), ref: 007D7CD0
        • DispatchMessageW.USER32(?), ref: 007D7CDE
        Strings
        • OpenProcessToken failed with %d, xrefs: 007D73F1
        • Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 007D65D9
        • forcerestart, xrefs: 007D6812
        • ServerMain (CA): Impersonation token not saved., xrefs: 007D78DD
        • package, xrefs: 007D6767, 007D6795, 007D68E8
        • ServerMain (CA): Parsing command line failed, xrefs: 007D71E1
        • help, xrefs: 007D679A
        • norestart, xrefs: 007D67F4
        • MSIPATCHREMOVE=, xrefs: 007D6774
        • PATCH=, xrefs: 007D6710
        • RUVEH?IJDqXFAtPYZlgmnc, xrefs: 007D6BDC, 007D6DB3, 007D6FDC
        • REBOOTPROMPT="", xrefs: 007D683B
        • passive, xrefs: 007D67D6
        • ServerMain (CA): Error: Format SD, xrefs: 007D75AC
        • ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type, xrefs: 007D742F
        • ServerMain (CA): Connection to Service failed., xrefs: 007D769B
        • ServerMain (CA): CoInitializeSecurity failed, xrefs: 007D75F7
        • ServerMain (CA): Error: Access to SD, xrefs: 007D74C5
        • ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type, xrefs: 007D7460
        • update, xrefs: 007D6705
        • ServerMain (CA): Access to token failed, xrefs: 007D7250
        • ServerMain (CA): Error: Watch for the shutdown signal, xrefs: 007D7621
        • ServerMain (CA): Process not registered with service., xrefs: 007D7788
        • ServerMain (CA): Wrong command line, xrefs: 007D71D0
        • ServerMain (CA): Error: Watch for change-of-owning-process signal, xrefs: 007D764A
        • ServerMain (CA): Could not open synchronization handle., xrefs: 007D77BB, 007D7ABF
        • /l*, xrefs: 007D6859
        • uninstall, xrefs: 007D6715
        • /qb!- REBOOTPROMPT=S, xrefs: 007D67E1
        • log, xrefs: 007D684E
        • promptrestart, xrefs: 007D6830
        • ServerMain (CA): Open synchronization event failed, xrefs: 007D7C8E
        • OLEAUT32.dll, xrefs: 007D70DE
        • /qn, xrefs: 007D67C3
        • q, xrefs: 007D6AFA
        • ServerMain (CA): Create Custom Action Server failed., xrefs: 007D76CD
        • ServerMain (CA): Connect to remote object failed., xrefs: 007D77F8
        • quiet, xrefs: 007D67B8
        • REBOOT=Force, xrefs: 007D681D
        • REBOOT=ReallySuppress, xrefs: 007D67FF
        • ServerMain (CA): Wait on synchronization event failed, xrefs: 007D72E1
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: CompareMessageQueryStringmemset$CloseCurrentFreeGlobalProcessThreadValue$ClassCommandDispatchErrorFileHandleInformationInitializeLastLineObjectOpenRegisterTokenTranslateTypeVersionlstrlen
        • String ID: /l*$/qb!- REBOOTPROMPT=S$/qn$MSIPATCHREMOVE=$OLEAUT32.dll$OpenProcessToken failed with %d$PATCH=$REBOOT=Force$REBOOT=ReallySuppress$REBOOTPROMPT=""$RUVEH?IJDqXFAtPYZlgmnc$ServerMain (CA): Access to token failed$ServerMain (CA): CoInitializeSecurity failed$ServerMain (CA): Connect to remote object failed.$ServerMain (CA): Connection to Service failed.$ServerMain (CA): Could not open synchronization handle.$ServerMain (CA): Create Custom Action Server failed.$ServerMain (CA): Error: Access to SD$ServerMain (CA): Error: Format SD$ServerMain (CA): Error: Watch for change-of-owning-process signal$ServerMain (CA): Error: Watch for the shutdown signal$ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type$ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type$ServerMain (CA): Impersonation token not saved.$ServerMain (CA): Open synchronization event failed$ServerMain (CA): Parsing command line failed$ServerMain (CA): Process not registered with service.$ServerMain (CA): Wait on synchronization event failed$ServerMain (CA): Wrong command line$Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$forcerestart$help$log$norestart$package$passive$promptrestart$q$quiet$uninstall$update
        • API String ID: 1475639937-2370891382
        • Opcode ID: 4cfcba1f60b4e42f1f72f060f29cd1d0071a1ccf6caa89e2d430385311c6cfb4
        • Instruction ID: 728dad643e40819214344d26b94f09d1a7cef7561c2ec5621f2d81831c3e997f
        • Opcode Fuzzy Hash: 4cfcba1f60b4e42f1f72f060f29cd1d0071a1ccf6caa89e2d430385311c6cfb4
        • Instruction Fuzzy Hash: 7DE299715083819FD7349B24D844BAABBF5FB88314F14892FF589973A0EB789C45CB52
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeSid.ADVAPI32(?), ref: 007D3256
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3274
        • FreeSid.ADVAPI32(?), ref: 007D3292
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D32B0
        • FreeSid.ADVAPI32(?), ref: 007D32CE
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D32F0
        • FreeSid.ADVAPI32(?), ref: 007D330E
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000013,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D332C
        • FreeSid.ADVAPI32(?), ref: 007D334A
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000014,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3368
        • FreeSid.ADVAPI32(?), ref: 007D33CF
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D33EC
        • FreeSid.ADVAPI32(?), ref: 007D340A
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3428
        • FreeSid.ADVAPI32(?), ref: 007D3446
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3468
        • FreeSid.ADVAPI32(?), ref: 007D34A2
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D34C0
        • FreeSid.ADVAPI32(?), ref: 007D34DE
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3500
        • FreeSid.ADVAPI32(?), ref: 007D3548
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3566
        • FreeSid.ADVAPI32(?), ref: 007D3584
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D35A6
        • FreeSid.ADVAPI32(?), ref: 007D35C4
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D35E2
        • FreeSid.ADVAPI32(?), ref: 007D3628
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3646
        • FreeSid.ADVAPI32(?), ref: 007D3664
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3686
        • FreeSid.ADVAPI32(?), ref: 007D36AE
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D36CC
        • FreeSid.ADVAPI32(?), ref: 007D36EA
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3707
        • FreeSid.ADVAPI32(?), ref: 007D3725
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 007D3747
        • GetLengthSid.ADVAPI32(?), ref: 007D37A0
        • memset.MSVCRT ref: 007D37C5
        • GlobalAlloc.KERNEL32(00000000,?), ref: 007D37E8
        • InitializeAcl.ADVAPI32(?,?,00000002), ref: 007D3816
        • AddAccessAllowedAce.ADVAPI32(?,00000002,?,?), ref: 007D3842
        • GetAce.ADVAPI32(?,?,?), ref: 007D385D
        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 007D3887
        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007D389D
        • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 007D38AE
        • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 007D38C7
        • GetSecurityDescriptorLength.ADVAPI32(?), ref: 007D38D6
        • MakeSelfRelativeSD.ADVAPI32(?,?,?), ref: 007D38F3
        • GetLastError.KERNEL32 ref: 007D38FD
        • GlobalFree.KERNEL32(?), ref: 007D3918
        • GetLastError.KERNEL32 ref: 007D3920
        • FreeSid.ADVAPI32(?), ref: 007D393D
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: FreeInitialize$Allocate$DescriptorSecurity$ErrorGlobalLastLength$AccessAllocAllowedDaclGroupMakeOwnerRelativeSelfmemset
        • String ID:
        • API String ID: 3802846876-0
        • Opcode ID: 68fd64611c44ad1418deda42cbb911a42cff9429a688f225f2b8f77799a2cb82
        • Instruction ID: 3bce8379a2a2e3e220658560e0a72b83d9788e20d87d20f45effa87ba3a24078
        • Opcode Fuzzy Hash: 68fd64611c44ad1418deda42cbb911a42cff9429a688f225f2b8f77799a2cb82
        • Instruction Fuzzy Hash: 94122871509345AFEB309F60DC88BABBBF8FB84745F14882EB585C2260D779D905CB26
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,74DE9350), ref: 100052DC
        • memset.MSVCR100 ref: 100052EA
        • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,74DE9350), ref: 10005340
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,74DE9350), ref: 10005362
        • memset.MSVCR100 ref: 1000537F
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
        • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,74DE9350), ref: 100053B4
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,74DE9350), ref: 100053D9
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
        • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,74DE9350), ref: 100053F8
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,74DE9350), ref: 10005438
        • sprintf_s.MSVCR100 ref: 10005456
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054A7
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,74DE9350), ref: 100054B0
        • OutputDebugStringA.KERNEL32(PuppetProcess3,?,?,74DE9350), ref: 100054CA
        • SuspendThread.KERNEL32(?,?,?,74DE9350), ref: 100054D3
        • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,74DE9350), ref: 100054DE
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,?,74DE9350), ref: 100054F4
        • OutputDebugStringA.KERNEL32(PuppetProcess5,?,?,74DE9350), ref: 10005505
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,?,74DE9350), ref: 1000551C
        • OutputDebugStringA.KERNEL32(PuppetProcess6,?,?,74DE9350), ref: 1000552B
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,?,74DE9350), ref: 10005536
        • ResumeThread.KERNEL32(?,?,?,74DE9350), ref: 10005543
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadmemset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWow64Writesprintf_s
        • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
        • API String ID: 3266731739-3220118345
        • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
        • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32(00000020,00000000,00000000), ref: 007D5A12
        • RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 007D5A8A
        • RegCloseKey.ADVAPI32(?), ref: 007D5AAA
        • GlobalFree.KERNEL32(?), ref: 007D5ABF
        • RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 007D5B14
        • RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 007D5B35
        • lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 007D5B3C
        • RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 007D5B59
        • RegCloseKey.ADVAPI32(?), ref: 007D5B65
        • memset.MSVCRT ref: 007D5B84
        • OutputDebugStringW.KERNEL32(?), ref: 007D5BD4
        • SetLastError.KERNEL32(00000000), ref: 007D5BDB
          • Part of subcall function 007D2F5E: RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZ},?,007D5A48,?,?,?), ref: 007D2F8B
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Value$CloseErrorLast$CreateDebugFreeGlobalOpenOutputQueryStringlstrlenmemset
        • String ID: %s$($Debug$Error: %d. %s.$LastError$LastErrorMessage$P$ServerMain (CA): Open synchronization event failed$Software\Microsoft\Windows\CurrentVersion\Installer\CA$Software\Policies\Microsoft\Windows\Installer
        • API String ID: 3407900974-1723650419
        • Opcode ID: ad250c3df8b6eeb8a8ffdf217d6f4936fcbec26b9640aa04b86d91c4c48b22e9
        • Instruction ID: e3cde6087ce4688d08e6a349743660d80458a69b4c5dcb940e2a4d4fac4c3e95
        • Opcode Fuzzy Hash: ad250c3df8b6eeb8a8ffdf217d6f4936fcbec26b9640aa04b86d91c4c48b22e9
        • Instruction Fuzzy Hash: 34517FB190121CEFDB219F61DC89FAA77B8FB44341F0481A7F549A2250EE798E85CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memset.MSVCRT ref: 007D5CAD
        • GetACP.KERNEL32(00000641,?,00000000), ref: 007D5CE3
        • LoadLibraryW.KERNEL32(KERNEL32), ref: 007D5CF0
        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 007D5D02
        • GetLocaleInfoW.KERNEL32(?,20001004,?,0000000A), ref: 007D5D38
        • FreeLibrary.KERNEL32(00000000), ref: 007D5D46
        • FormatMessageW.KERNEL32(00001000,00000000,00000641,?,?,00000401,00000000), ref: 007D5D6C
        • memset.MSVCRT ref: 007D5DEE
        • GetVersionExW.KERNEL32(0000011C), ref: 007D5E07
          • Part of subcall function 007D2E35: _vsnwprintf.MSVCRT ref: 007D2E67
        • lstrlenW.KERNEL32(?), ref: 007D5E96
        • WriteFile.KERNEL32(?,00000000,?,00000000), ref: 007D5EB4
        • WriteFile.KERNEL32(007D2638,00000004,?,00000000), ref: 007D5ECF
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: FileLibraryWritememset$AddressFormatFreeInfoLoadLocaleMessageProcVersion_vsnwprintflstrlen
        • String ID: GetUserDefaultUILanguage$Install error %i$KERNEL32
        • API String ID: 2411759445-2065445882
        • Opcode ID: b5e9d1b3de2df66caf5f0b620d20ef38b37ebabc6c6cbcfd5d0d2b2902bbe792
        • Instruction ID: b33f56cb8b6dd0dadec9263b137e09ebdcbafc85aaf49e96dc5c025b25988aac
        • Opcode Fuzzy Hash: b5e9d1b3de2df66caf5f0b620d20ef38b37ebabc6c6cbcfd5d0d2b2902bbe792
        • Instruction Fuzzy Hash: 0251D6B1501219ABEB20ABA0DC89EFB3B7DFB44360F144167F515E6291EA78CE41CF64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 030C6FB8
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 030C6FDD
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 030C6FF1
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 030C703C
        • CopyFileA.KERNEL32(?,?,00000000), ref: 030C7072
        • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70D7
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70F8
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7120
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C713A
        • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7147
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
        • String ID: D$\msiexec.exe
        • API String ID: 3303475852-2685333904
        • Opcode ID: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction ID: 25d84dea83cff7820d231b9e32ba3aed106a33f31759176042b73234c9dcb0f5
        • Opcode Fuzzy Hash: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction Fuzzy Hash: B2715CF1911228AFEB25DB64CCD4EEAB7BDEB48700F04819AF60997140DA719F94CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThread.KERNEL32 ref: 007D2FC1
        • OpenThreadToken.ADVAPI32(00000000), ref: 007D2FC8
        • GetLastError.KERNEL32 ref: 007D2FD2
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 007D2FE9
        • OpenProcessToken.ADVAPI32(00000000), ref: 007D2FF0
        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 007D300F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000030,?,?), ref: 007D303B
        • CloseHandle.KERNEL32(?), ref: 007D3044
        • GetLastError.KERNEL32 ref: 007D304A
        • CloseHandle.KERNEL32(?), ref: 007D3068
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Token$CloseCurrentErrorHandleLastOpenProcessThread$AdjustLookupPrivilegePrivilegesValue
        • String ID:
        • API String ID: 268630328-0
        • Opcode ID: c80924685510d66fe3efb9402e39a39173a9674982a69abc6bb77cfe2e386817
        • Instruction ID: 6d1e2ff38634da0a9e3a803cffa9d4c1daf3e787f87da1bfe1ebcf26d56cbf9d
        • Opcode Fuzzy Hash: c80924685510d66fe3efb9402e39a39173a9674982a69abc6bb77cfe2e386817
        • Instruction Fuzzy Hash: 5A212E71A01209EFDB209FA5ED49BDDBBB9EF44701F108026F601E6260DB799D02CB25
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 007D3133
        • GetLastError.KERNEL32(?,?), ref: 007D313D
        • GetLengthSid.ADVAPI32(?,?,?), ref: 007D3148
        • FreeSid.ADVAPI32(00000000), ref: 007D315E
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AllocateErrorFreeInitializeLastLength
        • String ID:
        • API String ID: 1611457584-0
        • Opcode ID: 8dee03364b5e55827f733a2360b602b083851e2923119c9f344afee7e6da9e95
        • Instruction ID: 465c6326898b4135cf0ab84f8ab81b377042328d7ae6a67924d0effb03ea78af
        • Opcode Fuzzy Hash: 8dee03364b5e55827f733a2360b602b083851e2923119c9f344afee7e6da9e95
        • Instruction Fuzzy Hash: 9111427090520EEFDB119BA4DC09BBEBB79FB48304F04846BF415A22A0D7B98D44CB15
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 10010108
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
        • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
        • TerminateProcess.KERNEL32(00000000), ref: 1001014B
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 3369434319-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: 3dd05fdeb98c840c3ac9c3c292ea311adfb4bbb0d0e4fad1bae5c61b1b3eb1b5
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: 3521DDB8902A24DFF701DF65CDC56443BB6FB1C344F52801AE5088B26AE7B1E980CF09
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 030D1D0C
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 030D1D21
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 030D1D2C
        • GetCurrentProcess.KERNEL32(C0000409), ref: 030D1D48
        • TerminateProcess.KERNEL32(00000000), ref: 030D1D4F
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 2579439406-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: f3b728b2e61066571a97a2182a833370d89c007be394e3db0613f22b4f9eccc9
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: F321BAB8802724DFF705DF69DDC96443BBABB1C344F51801AE6088B269E771E980CF15
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 007D7DF2
        • GetLastError.KERNEL32 ref: 007D7DFC
          • Part of subcall function 007D59F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 007D5A12
          • Part of subcall function 007D59F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 007D5A8A
          • Part of subcall function 007D59F2: RegCloseKey.ADVAPI32(?), ref: 007D5AAA
          • Part of subcall function 007D59F2: GlobalFree.KERNEL32(?), ref: 007D5ABF
          • Part of subcall function 007D59F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 007D5B14
          • Part of subcall function 007D59F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 007D5B35
          • Part of subcall function 007D59F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 007D5B3C
          • Part of subcall function 007D59F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 007D5B59
          • Part of subcall function 007D59F2: RegCloseKey.ADVAPI32(?), ref: 007D5B65
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Value$CloseErrorLast$CreateCtrlDispatcherFreeGlobalQueryServiceStartlstrlen
        • String ID: MSIServer$StartServiceCtrlDispatcher failed.
        • API String ID: 2998827721-520530687
        • Opcode ID: 1d9351fede2d4debd2ca495c4f49f097779ee648e3a431761b484a55d15e9e47
        • Instruction ID: 0c193a30d2c2a95875c0acd9ec9baa792afed47ea1304dcbc2313a23cbe7dfa8
        • Opcode Fuzzy Hash: 1d9351fede2d4debd2ca495c4f49f097779ee648e3a431761b484a55d15e9e47
        • Instruction Fuzzy Hash: DBE0D831F101089BDB10EBA4C8097AE7BFCEB84309F4484B69511E2341EB78D906CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,007D9726,007D1000), ref: 007D95F7
        • UnhandledExceptionFilter.KERNEL32(007D9726,?,007D9726,007D1000), ref: 007D9600
        • GetCurrentProcess.KERNEL32(C0000409,?,007D9726,007D1000), ref: 007D960B
        • TerminateProcess.KERNEL32(00000000,?,007D9726,007D1000), ref: 007D9612
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
        • String ID:
        • API String ID: 3231755760-0
        • Opcode ID: 9b7d510fab11a5abb631fcf8e115220fd90af58e3f1d12419f5f3fe978bfb43e
        • Instruction ID: 4c24e25a599dd25af616bbb8fd9df708ecfb237f810bd7330306d747ee8bad31
        • Opcode Fuzzy Hash: 9b7d510fab11a5abb631fcf8e115220fd90af58e3f1d12419f5f3fe978bfb43e
        • Instruction Fuzzy Hash: BFD0C932001108BBCB202BE5EC0DA493F38EB84312F02C002F30982120CA3E4C42CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 007D3C24: EnterCriticalSection.KERNEL32(007DC838,?,?,?,007D3C1E,00000000,00000000), ref: 007D3C31
          • Part of subcall function 007D3C24: LeaveCriticalSection.KERNEL32(007DC838,?,?,?,007D3C1E,00000000,00000000), ref: 007D3CDF
        • RegOpenKeyExW.ADVAPI32(80000000,CLSID,00000000,00020019,?,00000002,00000000,00007530), ref: 007D7EFB
        • RegCloseKey.ADVAPI32(?), ref: 007D7F0B
          • Part of subcall function 007D8745: GlobalAlloc.KERNEL32(00000000,?,00000000,?,007D7F98,00000200), ref: 007D875F
          • Part of subcall function 007D8745: memset.MSVCRT ref: 007D8778
        • CoUninitialize.OLE32 ref: 007D7F5B
        • MakeAbsoluteSD.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000200), ref: 007D8058
        • CoUninitialize.OLE32 ref: 007D8066
        • GetLastError.KERNEL32 ref: 007D806C
        • GetLastError.KERNEL32(00000000), ref: 007D80AC
        • CoUninitialize.OLE32(00000002,00000000,00007530), ref: 007D80C2
        • InitializeCriticalSection.KERNEL32(007DC488,00000002,00000000,00007530), ref: 007D81D2
        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 007D81F5
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 007D8204
        • GetLastError.KERNEL32 ref: 007D8246
        • GetLastError.KERNEL32 ref: 007D8276
        • CoRegisterClassObject.OLE32(007D25E0,?,00000015,00000001,?,00000002,00000000,00007530), ref: 007D82C0
        • MsgWaitForMultipleObjects.USER32(00000003,?,00000000,000000FF,00001CFF), ref: 007D8343
        • TranslateMessage.USER32(?), ref: 007D8375
        • DispatchMessageW.USER32(?), ref: 007D8382
        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007D8394
        • GetLastError.KERNEL32 ref: 007D83C6
        • GetLastError.KERNEL32 ref: 007D83CC
        • GetLastError.KERNEL32(00000000), ref: 007D841B
        • EnterCriticalSection.KERNEL32(007DC488,00000001,00000000), ref: 007D843C
        • CloseHandle.KERNEL32 ref: 007D8448
        • LeaveCriticalSection.KERNEL32(007DC488), ref: 007D8459
        • EnterCriticalSection.KERNEL32(007DC488,00000001,00000000), ref: 007D846C
        • CloseHandle.KERNEL32 ref: 007D8478
        • LeaveCriticalSection.KERNEL32(007DC488), ref: 007D8489
        • EnterCriticalSection.KERNEL32(007DC488,00000001,00000000), ref: 007D849C
        • CloseHandle.KERNEL32 ref: 007D84A8
        • LeaveCriticalSection.KERNEL32(007DC488), ref: 007D84B9
        • CoUninitialize.OLE32(00000001,00000000), ref: 007D84C3
        • DeleteCriticalSection.KERNEL32(007DC488,00000001,00000000), ref: 007D84E0
        • CoUninitialize.OLE32(?,?,?,?,00000200), ref: 007D84EC
        • GlobalFree.KERNEL32(?), ref: 007D850D
        • GlobalFree.KERNEL32(?), ref: 007D8526
        • GlobalFree.KERNEL32(?), ref: 007D853F
        • GlobalFree.KERNEL32(?), ref: 007D8558
        • GlobalFree.KERNEL32(?), ref: 007D8571
        Strings
        • ServiceThreadMain: CreateSD for CreateWaitableTimer failed., xrefs: 007D81B1
        • ServiceThreadMain: CreateEvent failed., xrefs: 007D840D
        • ServiceThreadMain: SetWaitableTimer failed., xrefs: 007D827C
        • Set of COMGLB_UNMARSHALING_POLICY failed., xrefs: 007D8163
        • ServiceThreadMain: CoInitializeSecurity failed, xrefs: 007D80A0
        • CoCreateInstance of CLSID_GlobalOptions failed., xrefs: 007D8105
        • ServiceThreadMain: Class registration failed, xrefs: 007D8400
        • Wait Failed in MsgWait., xrefs: 007D83D4
        • ServiceThreadMain: CreateWaitableTimer failed., xrefs: 007D824C
        • CLSID, xrefs: 007D7EF1
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$ErrorLast$Global$FreeUninitialize$CloseEnterLeave$HandleMessage$CreateEvent$AbsoluteAllocClassDeleteDispatchInitializeMakeMultipleObjectObjectsOpenPeekRegisterTranslateWaitmemset
        • String ID: CLSID$CoCreateInstance of CLSID_GlobalOptions failed.$ServiceThreadMain: Class registration failed$ServiceThreadMain: CoInitializeSecurity failed$ServiceThreadMain: CreateEvent failed.$ServiceThreadMain: CreateSD for CreateWaitableTimer failed.$ServiceThreadMain: CreateWaitableTimer failed.$ServiceThreadMain: SetWaitableTimer failed.$Set of COMGLB_UNMARSHALING_POLICY failed.$Wait Failed in MsgWait.
        • API String ID: 535215923-1806920385
        • Opcode ID: 4d836e4fedaf236793d7b1414fa5a409b3e8a3f1538e90388642e7036807cee6
        • Instruction ID: 601c1a0b2a4d25d41247aceb30cbda37e259aedfc1b2cb3c85be87bcb3876730
        • Opcode Fuzzy Hash: 4d836e4fedaf236793d7b1414fa5a409b3e8a3f1538e90388642e7036807cee6
        • Instruction Fuzzy Hash: A10295B090121ADFEB619F64DD89EAE7778EB44704F00819BB509A2390DF3D9D81CF66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 030CFAC1
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 030CFADE
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 030CFB9D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 030CFBDC
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 030CFC1B
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 030CFC5A
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 030CFC99
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 030CFCD8
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 030CFD17
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 030CFD56
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 030CFD95
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 030CFDD4
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 030CFE13
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 030CFE52
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 030CFE91
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 030CFEE1
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 030CFEF5
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 030CFF23
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 030CFF40
        • CloseHandle.KERNEL32(?), ref: 030CFF5E
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 030CFF79
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$Process$CloseHandleOpenToken$InformationLengthMessagePostTerminateThread
        • String ID:
        • API String ID: 1335550552-3916222277
        • Opcode ID: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction ID: ec1e2fe2ab9e03df81c9665dbcf9510a1e3113f32a5e5a257763be3dfe67665b
        • Opcode Fuzzy Hash: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction Fuzzy Hash: 9312A6B1E41219ABEB14CFD5CD81BEEBBB5FF48700F148519E615BB280D7B0AA01CB55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75A8EC10), ref: 1000E3B4
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75A8EC10), ref: 1000E3C8
        • sprintf_s.MSVCR100 ref: 1000E3EC
        • sprintf_s.MSVCR100 ref: 1000E406
        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
        • RegQueryValueExA.ADVAPI32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
        • RegCloseKey.ADVAPI32(?), ref: 1000E469
        • RegCloseKey.ADVAPI32(?), ref: 1000E482
        • OutputDebugStringA.KERNEL32(meiyou), ref: 1000E489
        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
        • RegSetValueExA.ADVAPI32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
        • RegCloseKey.ADVAPI32(?), ref: 1000E516
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
        • API String ID: 3385724880-3482547359
        • Opcode ID: 0ea3f9e50c05b92275b44224cecbd4e14134274ecfd7224f6212e4d1a41cab6b
        • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
        • Opcode Fuzzy Hash: 0ea3f9e50c05b92275b44224cecbd4e14134274ecfd7224f6212e4d1a41cab6b
        • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 10005646
        • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
        • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
        • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
        • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
        • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
        • CloseHandle.KERNEL32(?), ref: 100056F2
        • FreeLibrary.KERNEL32(00000000), ref: 100056FD
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
        • API String ID: 3440622277-1578001699
        • Opcode ID: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction ID: 97513855ba7d5b96b8eea992fadbc770b1a1e9ea9204260f57e06f18dc82c778
        • Opcode Fuzzy Hash: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction Fuzzy Hash: 1531AFB5A01218ABEB10DBB4DD89BEEBBB8EF49641F104119FA05B7280DB71D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,1E019B90,745947A0,?,?,00000001), ref: 10004AE6
        • EnterCriticalSection.KERNEL32(?,1E019B90,745947A0,?,?,00000001), ref: 10004B0D
        • SetLastError.KERNEL32(0000139F), ref: 10004B21
        • LeaveCriticalSection.KERNEL32(?), ref: 10004B28
        • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 030CF61B
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 030CF630
        • GetLastError.KERNEL32 ref: 030CF63C
        • ReleaseMutex.KERNEL32(00000000), ref: 030CF64A
        • CloseHandle.KERNEL32(00000000), ref: 030CF651
        • GetTickCount.KERNEL32 ref: 030CF6A4
        • GetTickCount.KERNEL32 ref: 030CF6BF
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 030CF6FD
        • TerminateThread.KERNEL32(?,000000FF), ref: 030CF7DE
        • CloseHandle.KERNEL32(?), ref: 030CF7EC
        • CloseHandle.KERNEL32(?), ref: 030CF80F
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
        • String ID: 206.238.115.95
        • API String ID: 583979846-4293060609
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: b360c2938517a63e60e424e29655b113703988bfa34f0c7cc26d207cc2dd05b5
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: B0516AB1519791AFD721DF68CC84B9FB7E9FB88711F008A1CE54A9B2A0C7709815CF92
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID: Al$bad cast
        • API String ID: 3682899576-2818143712
        • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
        • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 030C4A80
        • InterlockedExchange.KERNEL32(?,00000000), ref: 030C4A8C
        • timeGetTime.WINMM ref: 030C4A92
        • socket.WS2_32(00000002,00000001,00000006), ref: 030C4ABF
        • gethostbyname.WS2_32(?), ref: 030C4AE3
        • htons.WS2_32(?), ref: 030C4AFC
        • connect.WS2_32(?,?,00000010), ref: 030C4B1A
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 030C4BCE
        • InterlockedExchange.KERNEL32(?,00000001), ref: 030C4BD7
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 3940796591-3203441087
        • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction ID: fe697eccfa41a5e34ed8edea0775e60cd5be6b63af1d20566ef6f6bb0617775e
        • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction Fuzzy Hash: EA514CB1640704ABE720DFA5CC85FAAB7F8FF48B10F108619F656A76D0D7B4A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExW.KERNEL32(ISMIF32.DLL,00000000,00000800,?,00000000), ref: 007D57F6
        • GetProcAddress.KERNEL32(00000000,InstallStatusMIF), ref: 007D580C
        • GetSystemDefaultLangID.KERNEL32(?,00000000), ref: 007D585C
        • memset.MSVCRT ref: 007D589D
        • FormatMessageW.KERNEL32(00001000,00000000,00000000,?,?,00000105,00000000,?,00000000), ref: 007D58C5
        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,007DC920,00000100,00000000,00000000,?,00000000), ref: 007D5902
        • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 007D5976
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Library$AddressByteCharDefaultFormatFreeLangLoadMessageMultiProcSystemWidememset
        • String ID: ISMIF32.DLL$InstallStatusMIF$Installer error %i
        • API String ID: 2186023739-4237920443
        • Opcode ID: 5d7406c5cd07fc5f1eabdeafd97b5588f05a21f833d8a58506d3757c2186324d
        • Instruction ID: c59d0123f0689db1207c400e4bc358903dc578dec00d62d80b09b5ca70293dbf
        • Opcode Fuzzy Hash: 5d7406c5cd07fc5f1eabdeafd97b5588f05a21f833d8a58506d3757c2186324d
        • Instruction Fuzzy Hash: 2341F7B0781319FFE721AB249C5EFBA7778EB14720F504167B559E23C0DABCAD408668
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
        • memset.MSVCR100 ref: 10005BD1
        • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
        • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
        • _mbscmp.MSVCR100 ref: 10005C39
        • lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C67
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C84
        • ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: FreeMemory$??2@??3@EnumerateInformationQuerySessionSessions_mbscmplstrcpymemset
        • String ID: system
        • API String ID: 2835183911-3377271179
        • Opcode ID: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction ID: d08ab42cfd6b18e12b5412b75c8ea3aae0022bfd40c742a0170e7af3aa65547d
        • Opcode Fuzzy Hash: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction Fuzzy Hash: FF31A1B5A00219AFEB10CF90CCC8DAFBBB8FF44711F108119E915A3244D730AA51CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(kernel32.dll,OLEAUT32.dll,0000005C,?,?,007D9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,007D90C6,0000020A,?), ref: 007D8F8C
        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 007D8F9F
        • GetLastError.KERNEL32(?,007D9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,007D90C6,0000020A,?), ref: 007D8FAB
        • FreeLibrary.KERNEL32(00000000,?,007D9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,007D90C6,0000020A,?), ref: 007D8FE0
        • SetLastError.KERNEL32(00000000,?,007D9046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,007D90C6,0000020A,?), ref: 007D8FE7
        • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 007D8FF8
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: ErrorLastLibrary$AddressDirectoryFreeLoadProcSystem
        • String ID: GetSystemWow64DirectoryW$OLEAUT32.dll$kernel32.dll
        • API String ID: 1648426049-138662608
        • Opcode ID: 3225435d5ea16c11f03e03bf2c1b75df2b3814ee384e0cde740f16340a095009
        • Instruction ID: f6f5bd1fa5f88e707ea1502a21a00bf40f2844f16a0e7afe24974fe66c156c39
        • Opcode Fuzzy Hash: 3225435d5ea16c11f03e03bf2c1b75df2b3814ee384e0cde740f16340a095009
        • Instruction Fuzzy Hash: DE012D3234521667D72227649C0CA6B7BBFEBC4301F1A8027F502D2350EFBCCC02865A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,10016034,10012308,?,?,00000001), ref: 030C66EA
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C6711
        • SetLastError.KERNEL32(0000139F), ref: 030C6725
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C672C
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: 68b91beaae20ec4b8fd3e507acd78d427350272bfffa84ab08ed568a39df24f9
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: 5D5189B6A047449FD724DFA8C884A6EB7F4FB48711F048A6EE90A83B50DB35E8108B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • lstrlenW.KERNEL32 ref: 007D5475
          • Part of subcall function 007D8665: GlobalAlloc.KERNEL32(00000040,?,00000020,-00000002,00000000,?,007D66E9,?,?,?), ref: 007D8680
        • CoInitialize.OLE32(00000000), ref: 007D54EB
        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 007D54FF
        • SetCurrentDirectoryW.KERNEL32(?,?,00000000,00000008), ref: 007D5511
        • GetLastError.KERNEL32(?,00000000,00000008), ref: 007D551B
        • SetThreadToken.ADVAPI32(00000000,00000000,?,00000000,00000008), ref: 007D5534
        • GetLastError.KERNEL32(?,00000000,00000008), ref: 007D553E
        • GetProcAddress.KERNEL32(00000000), ref: 007D5559
        • GetLastError.KERNEL32(?,?,00000000,00000008), ref: 007D5565
        • FreeLibrary.KERNEL32(00000000,?,00000000,00000008), ref: 007D558D
        • CoUninitialize.OLE32(?,00000000,00000008), ref: 007D5593
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$Library$AddressAllocCurrentDirectoryFreeGlobalInitializeLoadProcThreadTokenUninitializelstrlen
        • String ID:
        • API String ID: 1429436423-0
        • Opcode ID: 03da6c5b715bc3493c8fdd38874e542fcb5244a01eaa9f224e248d2bf352e977
        • Instruction ID: 08344e2b3276bac715e0225fc8f53861d51d52414253eacb552be944f4d81eb1
        • Opcode Fuzzy Hash: 03da6c5b715bc3493c8fdd38874e542fcb5244a01eaa9f224e248d2bf352e977
        • Instruction Fuzzy Hash: 84411232A419398BC7325B28AC487BE7776AF94751F01426BEC47E7390DE3CCD418A90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(00000064), ref: 10002D1D
        • CloseHandle.KERNEL32(?), ref: 10002D33
        • CloseHandle.KERNEL32(?), ref: 10002D3D
        • CloseHandle.KERNEL32(?), ref: 10002D47
        • WSACleanup.WS2_32 ref: 10002D49
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: FreeVirtual$CloseHandle$CleanupSleep
        • String ID:
        • API String ID: 21600312-0
        • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
        • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,1E019B90,00000000,00000000,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast), ref: 10009C09
        • _CxxThrowException.MSVCR100(?,10013774), ref: 10009C18
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,10013774), ref: 10009C28
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 10009C2F
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowstd::locale::facet::_
        • String ID: bad cast
        • API String ID: 3754268192-3145022300
        • Opcode ID: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction ID: 8e14b074035db8c01746d2bfa9994902538dc9c994fd8b17045a7e04c907522a
        • Opcode Fuzzy Hash: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction Fuzzy Hash: CA31D2B6904124AFEB14CF54DD84A9EB7B8FB043B0F518259ED26A73A1DB30ED40CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1E019B90,0000002D,?,00000000,?), ref: 1000BFAD
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,1E019B90,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 1881732901-0
        • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
        • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C5A09
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C5A54
        • send.WS2_32(030C5707,?,?,00000000), ref: 030C5A72
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C5A85
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C5A98
        • HeapFree.KERNEL32(00000000,00000000,?,?,030C5707), ref: 030C5AC0
        • WSAGetLastError.WS2_32(?,030C5707), ref: 030C5ACB
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C5ADF
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C5B18
        • HeapFree.KERNEL32(00000000,00000000,?,?,030C5707), ref: 030C5B55
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction ID: 671ab0ca0a490ca5fc5683fbab2aadfbad2ef1b866aac7bee9c26f3989bdde70
        • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction Fuzzy Hash: BD4116B55157409BD760DFBACCC8AABB7E8BB4A300F44896DE96ECB250D770F8418B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,00000001,00000001,?,10003B03), ref: 10003E05
        • LeaveCriticalSection.KERNEL32(?,?,10003B03), ref: 10003E50
        • send.WS2_32(10003B03,?,?,00000000), ref: 10003E6E
        • EnterCriticalSection.KERNEL32(?), ref: 10003E81
        • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
        • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003EBC
        • WSAGetLastError.WS2_32(?,10003B03), ref: 10003EC7
        • EnterCriticalSection.KERNEL32(?,?,10003B03), ref: 10003EDB
        • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
        • HeapFree.KERNEL32(00000000,00000000,?,?,10003B03), ref: 10003F51
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
        • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
          • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
          • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
          • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
        • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
        • _beginthreadex.MSVCR100 ref: 10003615
        • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
        • SetLastError.KERNEL32(00000000), ref: 10003661
        • GetLastError.KERNEL32 ref: 10003679
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • SetLastError.KERNEL32(00000000), ref: 10003689
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
        • String ID:
        • API String ID: 2811472597-0
        • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
        • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D), ref: 030C6967
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C697C
        • WSASetLastError.WS2_32(00002746), ref: 030C698E
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C6995
        • timeGetTime.WINMM ref: 030C69C3
        • timeGetTime.WINMM ref: 030C69EB
        • SetEvent.KERNEL32(?), ref: 030C6A29
        • InterlockedExchange.KERNEL32(?,00000001), ref: 030C6A35
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C6A3C
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C6A4F
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction ID: 43025805a1b74c665f38b4011c5bb286f606f72380e7c99d13fc52e06ad6d176
        • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction Fuzzy Hash: BA41AD716013889BD730DF68C888A6EF7FDEB49714F0C869DE48AC7251D776E8518B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D), ref: 10004D63
        • EnterCriticalSection.KERNEL32(?), ref: 10004D78
        • WSASetLastError.WS2_32(00002746), ref: 10004D8A
        • LeaveCriticalSection.KERNEL32(?), ref: 10004D91
        • timeGetTime.WINMM ref: 10004DBF
        • timeGetTime.WINMM ref: 10004DE7
        • SetEvent.KERNEL32(?), ref: 10004E25
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
        • LeaveCriticalSection.KERNEL32(?), ref: 10004E38
        • LeaveCriticalSection.KERNEL32(?), ref: 10004E4B
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
        • Opcode Fuzzy Hash: c3736b545ed142cac1dbe30f9711bc5f19d9c2207144ce7d89a8436865436a0c
        • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 1000375F
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10003798
        • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100037B5
        • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100037C8
        • WSACreateEvent.WS2_32 ref: 100037CA
        • gethostbyname.WS2_32(?), ref: 100037D4
        • htons.WS2_32(?), ref: 100037ED
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 1000380B
        • connect.WS2_32(?,?,00000010), ref: 10003820
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 1000382F
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 2147236057-0
        • Opcode ID: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction ID: 832f1b8ff29030e8bf453c954313f24a602478d3b057f428ca850e8eb3ef4c46
        • Opcode Fuzzy Hash: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction Fuzzy Hash: B0312AB1A00319AFE710DFA4CC85E7FB7B8FB48760F108619F622972D0DA75EA158B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10004443
        • ResetEvent.KERNEL32(?), ref: 1000444C
        • timeGetTime.WINMM ref: 1000444E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
        • ResetEvent.KERNEL32(?), ref: 100044C8
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • ResetEvent.KERNEL32(?), ref: 100044DC
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 542259498-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 030C724A
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 030C727F
        • LoadLibraryA.KERNEL32(10012638), ref: 030C72D7
        • CloseHandle.KERNEL32(?), ref: 030C72F6
        • FreeLibrary.KERNEL32(00000000), ref: 030C7301
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$Adva$pi32
        • API String ID: 1168765234-3719434023
        • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction ID: 7f434e515c91809a8f2760091201b1721926c1484a2e8ee4544498d2a49bee98
        • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction Fuzzy Hash: EF318DB5A02218AFDB10DBF4DD89BEEBBB8EF49701F104159FA05A7280DB74D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        • api-ms-win-core-delayload-l1-1-1.dll, xrefs: 007D9103
        • KERNEL32.DLL, xrefs: 007D9113
        • ResolveDelayLoadsFromDll, xrefs: 007D9137
        • ResolveDelayLoadedAPI, xrefs: 007D9123
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID: KERNEL32.DLL$ResolveDelayLoadedAPI$ResolveDelayLoadsFromDll$api-ms-win-core-delayload-l1-1-1.dll
        • API String ID: 0-3594434003
        • Opcode ID: d9b4f2ecf8eff8b85f2aec8f3df93ac293436065593f22c2973ba4932278da0c
        • Instruction ID: f7483dd5e8df0cd06c897167204ed1a90d653b6aaba0d23240e37794a1adee8e
        • Opcode Fuzzy Hash: d9b4f2ecf8eff8b85f2aec8f3df93ac293436065593f22c2973ba4932278da0c
        • Instruction Fuzzy Hash: 08F0BBA3542633A60F326BA45CD68CA177959157913014227FA40E7355EB1DDC429290
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_initterm_ismbbleadexit
        • String ID:
        • API String ID: 359039474-0
        • Opcode ID: fd6016c7ad23cc1f75622eec285805db6acb915c3648a7197b20b8e3e539ab9e
        • Instruction ID: 9ff8a3eee86366edc223cb7640947b34cea8c9f588c0aabf5bce39820ed7595d
        • Opcode Fuzzy Hash: fd6016c7ad23cc1f75622eec285805db6acb915c3648a7197b20b8e3e539ab9e
        • Instruction Fuzzy Hash: E641F472945359DFDB229FA4DD057AA77B5EB44720F24802BEA42973D1DB7C8802CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@$free
        • String ID:
        • API String ID: 2241099983-0
        • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
        • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
        • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
        • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
        • SetLastError.KERNEL32(0000139F), ref: 10004CD9
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
        • LeaveCriticalSection.KERNEL32(00000002), ref: 10004CE9
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
        • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memmove.MSVCR100 ref: 1000753B
        • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,1E019B90), ref: 10007636
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,1E019B90), ref: 10007664
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1E019B90), ref: 1000766F
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
        • String ID: invalid string position$string too long
        • API String ID: 2621357903-4289949731
        • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
        • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
        • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OutputDebugStringA.KERNEL32(10012B64), ref: 030D008D
          • Part of subcall function 030CFA94: OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 030CFAC1
          • Part of subcall function 030CFA94: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 030CFADE
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 030CFB9D
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 030CFBDC
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 030CFC1B
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 030CFC5A
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 030CFC99
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 030CFCD8
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 030CFD17
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 030CFD56
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 030CFD95
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 030CFDD4
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 030CFE13
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 030CFE52
          • Part of subcall function 030CFA94: LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 030CFE91
          • Part of subcall function 030CFA94: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 030CFEE1
          • Part of subcall function 030CFA94: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 030CFEF5
          • Part of subcall function 030CFA94: PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 030CFF23
          • Part of subcall function 030CFA94: TerminateProcess.KERNEL32(?,00000000,00000000), ref: 030CFF40
          • Part of subcall function 030CFA94: CloseHandle.KERNEL32(?), ref: 030CFF5E
          • Part of subcall function 030CFA94: CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 030CFF79
        • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 030D010D
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Value$LookupPrivilege$Process$CloseHandleOpenToken$DebugInformationLengthMessageOutputPostStringTerminateThread
        • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
        • API String ID: 2737639916-1482746000
        • Opcode ID: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
        • Instruction ID: af5565adb32d764eba0d79753e3ca2646ccbd44ea10b1d04ecccc77ef7b7180e
        • Opcode Fuzzy Hash: 16f91329fb51dfe1a547dbb04342370386c88b5bd145873f3ae5814020d44437
        • Instruction Fuzzy Hash: B201C0B460039AAEDB28EBA08C94FFEB76BDFC8700F008188E6055F181DE74DA508F55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegisterServiceCtrlHandlerW.ADVAPI32(MSIServer,Function_000085A0), ref: 007D7E2A
        • GetLastError.KERNEL32 ref: 007D7E39
          • Part of subcall function 007D59F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 007D5A12
          • Part of subcall function 007D59F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 007D5A8A
          • Part of subcall function 007D59F2: RegCloseKey.ADVAPI32(?), ref: 007D5AAA
          • Part of subcall function 007D59F2: GlobalFree.KERNEL32(?), ref: 007D5ABF
          • Part of subcall function 007D59F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 007D5B14
          • Part of subcall function 007D59F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 007D5B35
          • Part of subcall function 007D59F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 007D5B3C
          • Part of subcall function 007D59F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 007D5B59
          • Part of subcall function 007D59F2: RegCloseKey.ADVAPI32(?), ref: 007D5B65
        • CreateThread.KERNEL32(00000000,00000000,Function_00007EB0,00000000,00000000,007DC6A8), ref: 007D7E72
        • GetLastError.KERNEL32(00007530), ref: 007D7E80
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: ErrorLastValue$CloseCreate$CtrlFreeGlobalHandlerQueryRegisterServiceThreadlstrlen
        • String ID: MSIServer$RegisterServiceCtrlHandler failed.
        • API String ID: 1878216277-870239898
        • Opcode ID: 15065eba1b8cdae16195237ff5a5305373b775c3e78bed9e37787078f8f020fe
        • Instruction ID: af1c661e3697db717b78887c454ad1986955e5ad3cda57f8c919802f174361fd
        • Opcode Fuzzy Hash: 15065eba1b8cdae16195237ff5a5305373b775c3e78bed9e37787078f8f020fe
        • Instruction Fuzzy Hash: 9601F971646221FBC3356765AE0ED673FBCDB85761B004253B909D1390E67CDC01C6B9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,1E019B90,?,1E019B90,10008EF2), ref: 1000A71D
          • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,1E019B90,?,1E019B90,10008EF2), ref: 1000A740
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,1E019B90), ref: 1000A76E
          • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
          • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
        • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
        • memmove.MSVCR100 ref: 100093D6
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
        • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
        • String ID:
        • API String ID: 666130115-0
        • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
        • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
        • LoadLibraryA.KERNEL32(?), ref: 10005F20
        • GetProcessHeap.KERNEL32(00000000,FFFC66E8,8B068BFF), ref: 10005F46
        • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
        • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
        • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
        • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
        • String ID:
        • API String ID: 1153753045-0
        • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
        • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 030C5363
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 030C539C
        • WSACreateEvent.WS2_32 ref: 030C53CE
        • gethostbyname.WS2_32(?), ref: 030C53D8
        • htons.WS2_32(?), ref: 030C53F1
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 030C540F
        • connect.WS2_32(?,?,00000010), ref: 030C5424
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 030C5433
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 603330298-0
        • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction ID: c99e7d752d921e885d619f731c8aa16e74af62770f3b601868c00ad4aeac62ea
        • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction Fuzzy Hash: 3F315BB5A00305AFE714DBA5CC85EBFB7B8EB48714F104A1DF622972D0DA74AA008B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 030C5B69
        • SetLastError.KERNEL32(0000139F,?,100120A0,030C528C), ref: 030C5C58
          • Part of subcall function 030C47A4: SwitchToThread.KERNEL32 ref: 030C47CE
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 030C5BCA
        • SetEvent.KERNEL32(?), ref: 030C5BED
        • InterlockedExchange.KERNEL32(?,00000000), ref: 030C5BF9
        • WSACloseEvent.WS2_32(?), ref: 030C5C07
        • shutdown.WS2_32(?,00000001), ref: 030C5C1F
        • closesocket.WS2_32(?), ref: 030C5C29
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 518013673-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: 6918130dc1ad1368d661364552996f97bf88d2001aa4d4e8bec1c9dcef3224f2
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: 762157B82117509BE334DF6ACD88B9BB7F5BB45710F18890CE2828A690C7B9F855CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 10003F65
        • SetLastError.KERNEL32(0000139F,?,74DEDFA0,10003688), ref: 10004054
          • Part of subcall function 10002BA0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 10002BB6
          • Part of subcall function 10002BA0: SwitchToThread.KERNEL32 ref: 10002BCA
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • SetEvent.KERNEL32(?), ref: 10003FE9
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • WSACloseEvent.WS2_32(?), ref: 10004003
        • shutdown.WS2_32(?,00000001), ref: 1000401B
        • closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 3254528666-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: 33fc8edb3bfa16432b1da941d8e6096b20875d7008fd88c2fc111e4d4adde92b
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: 392148B56007109BE321DF64C888B5BB7F9FB88791F11891CF28297690CBB9F855CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004074
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004087
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004090
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004099
          • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100015D0
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040B9
        • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100040D4
        • SetEvent.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004150
        • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,74DEDFA0,10003688), ref: 10004157
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
        • String ID:
        • API String ID: 2266972149-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
        • String ID:
        • API String ID: 432566381-0
        • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
        • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
        • malloc.MSVCR100 ref: 10002350
        • memcpy.MSVCR100 ref: 10002397
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: mallocmemcpyvsprintf
        • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
        • API String ID: 4208594302-868042568
        • Opcode ID: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
        • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
        • Opcode Fuzzy Hash: e33a3e9aab2c35b3a9278b31c66f3765ee7b3b6b25c8a529f2c5e94a0bd7b6e3
        • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(1E019B90,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 100079B6
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,1E019B90,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,1E019B90,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
        • String ID:
        • API String ID: 753523128-0
        • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
        • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 030C6FB8
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 030C6FDD
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 030C6FF1
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 030C703C
        • CopyFileA.KERNEL32(?,?,00000000), ref: 030C7072
        • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70D7
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70F8
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7120
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C713A
        • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7147
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
        • String ID: D$\msiexec.exe
        • API String ID: 3303475852-2685333904
        • Opcode ID: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
        • Instruction ID: 015c00ddb38ddd1a461c84d49caba998cd0498f5e48e8da70840bb5c7feb1e91
        • Opcode Fuzzy Hash: 50a32cac00cb06d05c7d157f38959f8f26f614886dfdd128313554d1f9b7ce09
        • Instruction Fuzzy Hash: 06516CF190122CAFEB25DB64CCC4AEAB7BDEB48704F0481D9E60997111EA719F85CF60
        Uniqueness

        Uniqueness Score: -1.00%
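
The function listed above (call sites 030C6FB8 to 030C7147, in the region at 030C0000 that the report marks "based on PE: false") is the sequence behind the "Early bird code injection technique detected" signature: it resolves the system and WOW64 directories and a shell folder path, copies a file, suspends a thread, allocates 0x4DA78 bytes with protection 0x40 (PAGE_EXECUTE_READWRITE) in another process, writes the same number of bytes there, queues a user-mode APC to that thread and resumes it. The string "\msiexec.exe" in the same function names the likely target. By contrast, the strings in the 007D0000 region (MSIINSTANCEGUID=, REINSTALL=ALL REINSTALLMODE=%s, Msi.dll/QueryInstanceCount, SetServiceStatus) are Windows Installer's own, which suggests that region is the host msiexec.exe image rather than the payload, so triage should centre on the 030C0000 and 10000000 regions. The following Python, an added example that is not part of the Joe Sandbox report, parses the report's per-function API lines and flags this ordered chain; the first sample input reuses the ten lines above verbatim, while the negative sample (classic CreateRemoteThread injection, with hypothetical addresses) is constructed for the example.

```python
"""Flag the Early Bird APC injection chain in a Joe Sandbox function API listing.

Added example, not part of the Joe Sandbox report. It parses the
"Name.MODULE(args), ref: addr" lines printed per function and looks for the
ordered chain VirtualAllocEx -> WriteProcessMemory -> QueueUserAPC -> ResumeThread.
"""
import re
from typing import NamedTuple, Optional


class ApiCall(NamedTuple):
    name: str
    module: str
    args: tuple   # raw argument strings; '?' means the sandbox could not resolve the value
    ref: int      # address of the call site


# One report line: optional bullet, optional "Part of subcall function X:" prefix,
# Name.MODULE, optional "(args)", then ", ref: <hex>".
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[^\s.(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_calls(lines) -> list:
    """Parse report lines into ApiCall records, skipping lines that are not API calls."""
    calls = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["name"], m["module"].upper(), args, int(m["ref"], 16)))
    return calls


def hex_arg(call: ApiCall, i: int) -> Optional[int]:
    """Argument i as an int, or None when absent or unresolved ('?', a string literal).

    Only the first N entries are real parameters (N = the API's arity); the report prints
    stack residue after them, so callers index by the documented prototype.
    """
    if i >= len(call.args):
        return None
    try:
        return int(call.args[i], 16)
    except ValueError:
        return None


EARLY_BIRD = ("VirtualAllocEx", "WriteProcessMemory", "QueueUserAPC", "ResumeThread")
PAGE_EXECUTE_READWRITE = 0x40


def find_early_bird(calls) -> Optional[dict]:
    """Return details of an Early Bird chain found as an ordered subsequence, else None."""
    matched, positions = [], []
    for pos, call in enumerate(calls):
        if call.name == EARLY_BIRD[len(matched)]:
            matched.append(call)
            positions.append(pos)
            if len(matched) == len(EARLY_BIRD):
                break
    if len(matched) < len(EARLY_BIRD):
        return None
    alloc, write, apc, _resume = matched
    # VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect)
    alloc_size, protect = hex_arg(alloc, 2), hex_arg(alloc, 4)
    # WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten)
    write_size = hex_arg(write, 3)
    # A SuspendThread before the allocation parks the target thread until the APC fires.
    suspended = any(c.name == "SuspendThread" for c in calls[:positions[0]])
    return {
        "refs": [c.ref for c in matched],
        "size": alloc_size,
        "rwx": protect == PAGE_EXECUTE_READWRITE,
        "size_match": alloc_size is not None and alloc_size == write_size,
        "thread_suspended": suspended,
        # QueueUserAPC(pfnAPC, hThread, dwData): a static listing usually shows pfnAPC as 0.
        "apc_routine_resolved": hex_arg(apc, 0) not in (None, 0),
    }


# API lines copied from the report's listing of the function at 030C6FB8..030C7147.
REPORT_LINES = [
    "• GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 030C6FB8",
    "• GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 030C6FDD",
    "• GetSystemDirectoryA.KERNEL32(?,00000104), ref: 030C6FF1",
    "• SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 030C703C",
    "• CopyFileA.KERNEL32(?,?,00000000), ref: 030C7072",
    "• SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70D7",
    "• VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C70F8",
    "• WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7120",
    "• QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C713A",
    "• ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030C7147",
]

# Constructed negative sample (hypothetical addresses): classic CreateRemoteThread
# injection, which this rule deliberately does not match.
CLASSIC_LINES = [
    "• OpenProcess.KERNEL32(0000043A,00000000,?), ref: 00401000",
    "• VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 00401020",
    "• WriteProcessMemory.KERNEL32(?,?,?,00001000,00000000), ref: 00401040",
    "• CreateRemoteThread.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000), ref: 00401060",
]

if __name__ == "__main__":
    print("report function:", find_early_bird(parse_calls(REPORT_LINES)))
    print("classic injection:", find_early_bird(parse_calls(CLASSIC_LINES)))
```

The rule matches on the ordered subsequence rather than on exact adjacency, because real functions interleave the chain with other calls (here GetNativeSystemInfo and CopyFileA). The `apc_routine_resolved` field will be False for this listing: the report prints the first QueueUserAPC argument as 00000000, so the APC entry point has to be taken from the memory dump or a debugger rather than from the static call line. The Joe Sandbox "ref:" addresses only identify call sites, so a hunt rule built from this should key on the API sequence and the RWX allocation, not on the addresses.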

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: lstrlen
        • String ID: MSIINSTANCEGUID=
        • API String ID: 1659193697-2015669138
        • Opcode ID: 4c34a96c52ce7f8d881d7d69f086da8d39f877c8b28c1fa182559fbc1572f388
        • Instruction ID: 77e3310ed62984d476025d7b8357ea8e9189f40612537db87565f36ca4c1247b
        • Opcode Fuzzy Hash: 4c34a96c52ce7f8d881d7d69f086da8d39f877c8b28c1fa182559fbc1572f388
        • Instruction Fuzzy Hash: 1641E836A01214DBCB20AB70EC4DB6E77B6BB44324F19816BEA05E7351EB3C9D42CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1E019B90,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(Al,1E019B90,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
        • realloc.MSVCR100 ref: 1000ADA8
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
        • String ID: Al$Al
        • API String ID: 614970593-2419079684
        • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
        • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleExW.KERNEL32(00000000,Msi.dll,00000000,00000000,?,?,007D3B73), ref: 007D5C06
        • GetProcAddress.KERNEL32(00000000,QueryInstanceCount), ref: 007D5C18
        • FreeLibrary.KERNEL32(00000000,?,?,007D3B73), ref: 007D5C35
        • FreeLibrary.KERNEL32(00000000,?,?,007D3B73), ref: 007D5C42
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: FreeLibrary$AddressHandleModuleProc
        • String ID: Msi.dll$QueryInstanceCount
        • API String ID: 1227796897-1207408768
        • Opcode ID: cfa1e6dc6a0a2cc0e90717daac19e608e0ac814f50778baf577853ccc07750ad
        • Instruction ID: 40848b5ffbf6ef26b16a01a08f2faad0772cb15f143c37ca937d29b876196f70
        • Opcode Fuzzy Hash: cfa1e6dc6a0a2cc0e90717daac19e608e0ac814f50778baf577853ccc07750ad
        • Instruction Fuzzy Hash: C6F0E93166220EFBDB205760CD0AB9D7F79EF04746F154022E406E1260DB3DCE00DA78
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: lstrlen
        • String ID: PECMS$PackageCode$REINSTALL=ALL REINSTALLMODE=%s$rpoedcamusv
        • API String ID: 1659193697-1647986965
        • Opcode ID: 3a9f0623d0a673bf29dff6b86fed0729de0890c7b30f14e6fb10ec2d4ccf98b3
        • Instruction ID: 37ef0dff4bbfb6be18f08a0a08da2a11c5a7cb593a4bf7902c8777c472762c08
        • Opcode Fuzzy Hash: 3a9f0623d0a673bf29dff6b86fed0729de0890c7b30f14e6fb10ec2d4ccf98b3
        • Instruction Fuzzy Hash: C161D1B16087459BD720DB64D859BAB73F8EB94310F14492BF985CB380EB78E908C692
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C6ACE
        • WSASetLastError.WS2_32(0000139F,?,?,?,?,10016034,?,?,10010B78,000000FF), ref: 030C6AE6
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C6AF0
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
        • Instruction ID: 50442d33ec73805e105b9930eed8b10011a5e157ef591165247322e7e26df093
        • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
        • Instruction Fuzzy Hash: 15316CB6605788ABD720DF94DC85F6EB3E8EB49710F04855EF915C7680D73AE850CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,?,?,?,1E019B90,?,?,10010B78,000000FF), ref: 10004ECA
        • WSASetLastError.WS2_32(0000139F,?,?,?,?,1E019B90,?,?,10010B78,000000FF), ref: 10004EE2
        • LeaveCriticalSection.KERNEL32(?), ref: 10004EEC
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
        • Instruction ID: 5d7e202c9453111bf760a64193654abb888b24a6dd7784caadbc8dba9623b2f2
        • Opcode Fuzzy Hash: 8646c40ecdfcfd950b8dbfc3a2faab3b802536982b2565a5de448eb41bc814f5
        • Instruction Fuzzy Hash: 0D318EB6A04744ABE710CF94DC86B6AB3E8FB48750F01852AFD16C3784DB36E810CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
        • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
        • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
        • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
        • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
        • String ID:
        • API String ID: 672040072-0
        • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
        • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
        • _CxxThrowException.MSVCR100 ref: 10009153
        Strings
        • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??0exception@std@@ExceptionThrow
        • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
        • API String ID: 2684170311-3812731148
        • Opcode ID: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
        • Instruction ID: 4ff9fd43ccc38cada941469353b65ddf61956220ecca57f71b677a99dd077398
        • Opcode Fuzzy Hash: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
        • Instruction Fuzzy Hash: 39C19C712082519FEB04CF18C4C4B9A7BE5EF85390F5485A9EC898F24EC775E985CBA2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
        • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
        • HeapFree.KERNEL32(00000000), ref: 100062B5
        • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
        • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
        • HeapFree.KERNEL32(00000000), ref: 100062DB
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: FreeHeap$Process$LibraryVirtual
        • String ID:
        • API String ID: 3521805120-0
        • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction ID: 4e8ae9d798ed328c3ac5cf3a0713134e707d5c220115033f18ab452dde1a0258
        • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction Fuzzy Hash: E5113070600B11EFE660CFA5CC88F1673EAEB89791F20CA18E15697594C774F851CB20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004761
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000476C
        • Sleep.KERNEL32(00000258), ref: 10004779
        • CloseHandle.KERNEL32(?), ref: 10004794
        • CloseHandle.KERNEL32(?), ref: 1000479D
        • Sleep.KERNEL32(0000012C), ref: 100047AE
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
        • String ID:
        • API String ID: 1019945655-0
        • Opcode ID: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
        • Instruction ID: ab300de59104cfa3b6c6a7cb3b929f183dbe93be0b3bbffdefcd2026bf0c7e40
        • Opcode Fuzzy Hash: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
        • Instruction Fuzzy Hash: FDF030762046146BD610EBA9CC84D4BF3E9EFD9730B218709F26583294CA70FC018BA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
        • Sleep.KERNEL32(00000258), ref: 1000334E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
        • Sleep.KERNEL32(0000012C), ref: 1000337B
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
        • String ID:
        • API String ID: 3137405945-0
        • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
        • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 007D878A: GlobalAlloc.KERNEL32(00000040,00000000,00000000,00000001,00000000,?,007D5E28,00000100), ref: 007D87A2
          • Part of subcall function 007D878A: GlobalFree.KERNEL32(?), ref: 007D87C0
        • GetModuleFileNameW.KERNEL32(?,00000104,00000104,?,?,00001388,?,007DA2B0,000000A8,007D6E7E,00000000,00000000,?), ref: 007D4457
        • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,007DA2B0,000000A8,007D6E7E,00000000,00000000,?), ref: 007D44E0
        • GlobalFree.KERNEL32(?), ref: 007D450F
        • GlobalFree.KERNEL32(?), ref: 007D4590
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Global$Free$Alloc$FileModuleName
        • String ID: %d.%d.%.4d.%d
        • API String ID: 906160587-3399825337
        • Opcode ID: cf42afa305832d68644a45b3c537cb380a2fb1f56d29979e6484ad96dc5d5546
        • Instruction ID: 47274c590c5f2bc2af38d21b51c597783ab9d316bf29f76c6c9db3b12e4d37ae
        • Opcode Fuzzy Hash: cf42afa305832d68644a45b3c537cb380a2fb1f56d29979e6484ad96dc5d5546
        • Instruction Fuzzy Hash: 2A712A71A002289FDF20DB64DD45BAEBBB9FF45310F1441AAE54AA3291DB345E94CF11
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: free
        • String ID:
        • API String ID: 1294909896-0
        • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
        • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,1E019B90,?,00000000,?,10008EF2), ref: 1000C89C
        • memmove.MSVCR100 ref: 1000C8F5
        • memmove.MSVCR100 ref: 1000C91C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
        • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExA.KERNEL32(?), ref: 007D91E4
        • GetProcAddress.KERNEL32(?,?), ref: 007D924F
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: $
        • API String ID: 2574300362-3993045852
        • Opcode ID: 25c779bbcdb49c43670ec17a3a028082b285351ad771283dac7cb9b4fe1be2e7
        • Instruction ID: 2079d6946e9abffa146ba0517c409f6e641c8b5fa64a1da5c3388be95a469efa
        • Opcode Fuzzy Hash: 25c779bbcdb49c43670ec17a3a028082b285351ad771283dac7cb9b4fe1be2e7
        • Instruction Fuzzy Hash: 31316D71A01219BFCB11CFA9C884AAEBBB5FF48714F14806AE904EB350D739AD01CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position$string too long
        • API String ID: 4248180022-4289949731
        • Opcode ID: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction ID: 02f1bde33a7f6a4f0b7ca151306c8b86bee2ec7feaee009fa3221f14d761e210
        • Opcode Fuzzy Hash: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction Fuzzy Hash: 1A114C75300A059FEB08EF68EC84A6D77A5FB4429AB11052AFA06CB245D771E990CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(007DC838,?,?,?,007D3C1E,00000000,00000000), ref: 007D3C31
        • SetServiceStatus.ADVAPI32(007DC850,?,?,?,007D3C1E,00000000,00000000), ref: 007D3CC0
        • GetLastError.KERNEL32(?,?,?,007D3C1E,00000000,00000000), ref: 007D3CCC
        • LeaveCriticalSection.KERNEL32(007DC838,?,?,?,007D3C1E,00000000,00000000), ref: 007D3CDF
        Strings
        • SetServiceStatus failed., xrefs: 007D3CD4
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeaveServiceStatus
        • String ID: SetServiceStatus failed.
        • API String ID: 427148986-1344523210
        • Opcode ID: 5e9e22c49127cee6567f761d7621c80cd0e17e575e280261203ebd2cc72978f6
        • Instruction ID: 1e233c90c94de5eccc6c2d29bf2c6383acffd5d69f3ffc2dbf7965893060ca96
        • Opcode Fuzzy Hash: 5e9e22c49127cee6567f761d7621c80cd0e17e575e280261203ebd2cc72978f6
        • Instruction Fuzzy Hash: C711A372962256DBC7229F29ED48B1577F4E784752F04C12BE909A3370C3BC9D40DBA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A,?,007D8B8F,?,?), ref: 007D8AE8
        • LoadLibraryW.KERNEL32(COMCTL32,007D8B8F,?,?), ref: 007D8B10
        • GetProcAddress.KERNEL32(?,InitCommonControlsEx), ref: 007D8B2E
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProcSleep
        • String ID: COMCTL32$InitCommonControlsEx
        • API String ID: 188063004-472741233
        • Opcode ID: f5ab6485f3f0ce756159da3f821a8ccee305dbb6797de3cb7c948f02cd1430e9
        • Instruction ID: 49dd5d948cbf52785051b39b4dac9d44802d76ed86175b301efff0c70f0e3070
        • Opcode Fuzzy Hash: f5ab6485f3f0ce756159da3f821a8ccee305dbb6797de3cb7c948f02cd1430e9
        • Instruction Fuzzy Hash: CBF06DB17422878BD7634B25AD08B163BB5EBA9345F18C437D900D6360EF3CC802CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVersion.KERNEL32(007D6E67,?), ref: 007D63A0
        • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 007D63B3
        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 007D63C4
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressHandleModuleProcVersion
        • String ID: HeapSetInformation$Kernel32.dll
        • API String ID: 3310240892-3460614246
        • Opcode ID: dd923ea26407811e120ec5d26eba5df60177d354ed1610a09389252bbf172a2e
        • Instruction ID: 7c93c460cc1e60e3ec6ec7fd57300843b83025c12005ef64661b33970e66c3fb
        • Opcode Fuzzy Hash: dd923ea26407811e120ec5d26eba5df60177d354ed1610a09389252bbf172a2e
        • Instruction Fuzzy Hash: 74E0C2747422217BDA705776EC8CBAB7F7DEB00BA2741C113B801E23A1DA2CCC0186B8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
        • String ID:
        • API String ID: 2760534091-0
        • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
        • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,1E019B90,?,1E019B90,10008EF2), ref: 1000A71D
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,1E019B90,?,1E019B90,10008EF2), ref: 1000A740
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,1E019B90), ref: 1000A76E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction ID: 0fa7d05f19d1acb58b9383a605f7864dac9a50907dca70db0252d2cb3e85a45c
        • Opcode Fuzzy Hash: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction Fuzzy Hash: 61514FB5A01259AFEB00DFA8C984B9EBBF5FF49750F108119E805E7345DB70AE41CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1E019B90,?,1E019B90,?), ref: 1000CC39
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,1E019B90,?,1E019B90,?), ref: 1000CC5C
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,10010E09,000000FF,?,1000CA00,?,?,1E019B90), ref: 1000CC8A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCCF
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCDC
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction ID: c131282bc4579c986c972f2adb03389835f40558fee83756ef3b82deba687527
        • Opcode Fuzzy Hash: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction Fuzzy Hash: 88512CB5A01259EFEB04DFA8C994B9EBBF5FF48740F108169E805E7345DB70AA01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,1E019B90,00000000,?,00000000,00000000), ref: 1000D6E8
        • _CxxThrowException.MSVCR100 ref: 1000D6FE
          • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
          • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
          • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
        • memcpy.MSVCR100 ref: 1000D740
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
        • String ID:
        • API String ID: 1366379292-0
        • Opcode ID: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction ID: 6dedfff981291254d8f0f0f89a0f1b07b51f4c0be1b682e6e92bcdd5696b02d0
        • Opcode Fuzzy Hash: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction Fuzzy Hash: AB41BA75D04605AFDB04EF68C98069DB7F4FB042A0F50422AF91A97784E731E950CBB1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,1E019B90,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?,?,10006CA5), ref: 1000C420
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1E019B90,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?), ref: 1000C403
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C435
        • realloc.MSVCR100 ref: 1000C463
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000C472
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@Incref@facet@locale@std@@Lockit@std@@$??0_??0bad_cast@std@@??1_??2@?tolower@?$ctype@Bid@locale@std@@Decref@facet@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV123@V42@@Vfacet@locale@2@Xmem@tr1@std@@reallocstd::locale::facet::_
        • String ID:
        • API String ID: 1657136341-0
        • Opcode ID: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction ID: 4099fa0d0876d1a195df608e329946193385f4c805ecebf18ba5ac7bf75522a8
        • Opcode Fuzzy Hash: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction Fuzzy Hash: F8315975600705EFE710CF59C890A6ABBF5FF88390F15856DE89A8B751D730E940CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 030C5C78
          • Part of subcall function 030C3094: HeapFree.KERNEL32(?,00000000,?,?,?,030C5CB5,?,00000000,030C5C3D,?,100120A0,030C528C), ref: 030C30B1
        • HeapDestroy.KERNEL32(?,?,00000000,030C5C3D,?,100120A0,030C528C), ref: 030C5CBD
        • HeapCreate.KERNEL32(?,?,?,?,00000000,030C5C3D,?,100120A0,030C528C), ref: 030C5CD8
        • SetEvent.KERNEL32(?,?,00000000,030C5C3D,?,100120A0,030C528C), ref: 030C5D54
        • RtlLeaveCriticalSection.NTDLL(?), ref: 030C5D5B
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
        • String ID:
        • API String ID: 563679510-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: 4987b9fd346061e1bf84e10b109abdc47d95326e905b82c4106567968bf8c3d4
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: 0A313678211A42EFD705DB79CC98B9AF7A8FF49310F148259E5298B260DB35B815CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 1000F4D8
        • GetThreadDesktop.USER32(00000000), ref: 1000F4DF
        • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 1000F50C
        • SetThreadDesktop.USER32(00000000), ref: 1000F51F
        • CloseDesktop.USER32(00000000), ref: 1000F52A
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: DesktopThread$CloseCurrentInformationObjectUser
        • String ID:
        • API String ID: 2068333509-0
        • Opcode ID: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction ID: e3654efe5a9c41a35c8fe53e000b4725a99ad254c1d46276c4c7e896ea0ff50d
        • Opcode Fuzzy Hash: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction Fuzzy Hash: 2D1186B1900619AFE725CFA4CC85BEEBBB8FB08751F00426DE605D3280DB74AA51DB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 10002C1F
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10002C35
        • TranslateMessage.USER32(?), ref: 10002C44
        • DispatchMessageA.USER32(?), ref: 10002C4A
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002C58
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
        • String ID:
        • API String ID: 2015114452-0
        • Opcode ID: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction ID: b75dc0117a11b7c765e1435c40dcdf28a4bdf489932a1a838a762226f6e0879c
        • Opcode Fuzzy Hash: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction Fuzzy Hash: 4901A971A40319B6F614D7948C82FAF736CEB05B90F104511FF00EB0D5D6B4E95187B4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
        • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 030C4A20
        • CancelIo.KERNEL32(?), ref: 030C4A2A
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 030C4A33
        • closesocket.WS2_32(?), ref: 030C4A3D
        • SetEvent.KERNEL32(00000001), ref: 030C4A47
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: cee6ac209f6e94ca864fcb13896ec6214ccc8cceeebf64f75e2adaf472fb82b6
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: 62F0ECB6100710EFE220DB94CD89B56B7F8FB49B11F108A59FA9697690C6B4F518CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
        • CancelIo.KERNEL32(?), ref: 10002E26
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
        • closesocket.WS2_32(?), ref: 10002E39
        • SetEvent.KERNEL32(00000001), ref: 10002E43
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: 709f11b2dc8ccf699aafbe62f7b0534b760bdc3690ddac9162a5b626801ec8b5
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: CBF03CB5100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9697690C6B4F914CBA0
        Uniqueness

        Uniqueness Score: -1.00%
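The two records above carry the same Opcode ID (ef2d365f…) twice: once at offset 030C0000, a dump the sandbox could not attribute to any PE image, and once inside the DLL mapped at 10000000. That pattern is what an analyst wants pulled out of a listing this long automatically. The script below is an added analysis aid, not part of the Joe Sandbox report or of any Joe Sandbox export tooling: it parses records in the plain-text layout used on this page (an "APIs" header opening each record, "•" bullets, ", ref: <address>" suffixes, the "Offset: …, based on PE: …" source line and the "Opcode ID:" line, all assumed from this page rather than from a documented format), drops "Part of subcall function" lines because they describe a callee, and reports opcode hashes that recur across dump regions together with the regions that are not PE-backed. The sample input is a constructed excerpt of three records copied from this page with their argument lists and "Associated" lines trimmed.

```python
"""Parse the per-function records of a Joe Sandbox disassembly listing and flag
opcode hashes that recur across memory regions, in particular between a mapped
PE and an allocation the sandbox could not attribute to any PE."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: three records copied from the report above, with the
# argument lists and "Associated" lines trimmed. The layout is assumed from the
# plain-text form of the report as it appears on this page.
SAMPLE = """\
APIs
• setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 030C4A20
• CancelIo.KERNEL32(?), ref: 030C4A2A
• closesocket.WS2_32(?), ref: 030C4A3D
• Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
• Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
APIs
• setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
• CancelIo.KERNEL32(?), ref: 10002E26
• closesocket.WS2_32(?), ref: 10002E39
• Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
APIs
• RtlEnterCriticalSection.NTDLL(?), ref: 030C5C78
  • Part of subcall function 030C3094: HeapFree.KERNEL32(?,00000000), ref: 030C30B1
• HeapDestroy.KERNEL32(?,?,00000000,030C5C3D), ref: 030C5CBD
• RtlLeaveCriticalSection.NTDLL(?), ref: 030C5D5B
• Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
• Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
"""

API_RE = re.compile(r"^•\s+(?P<call>.+?),?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)\s*$")
SUBCALL_RE = re.compile(r"^•\s+Part of subcall function\s+[0-9A-Fa-f]+:")
SOURCE_RE = re.compile(r"Offset:\s*(?P<offset>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)")
OPCODE_RE = re.compile(r"^•\s+Opcode ID:\s*(?P<id>[0-9a-f]{64})")


@dataclass
class FunctionRecord:
    """One function as the listing describes it."""
    offset: str = ""
    pe_backed: bool = True
    opcode_id: str = ""
    apis: list = field(default_factory=list)  # (api, module, ref) of direct calls


def split_call(call):
    """'Name.MODULE(args)' -> ('Name', 'MODULE'); mangled C++ names keep their '@'s."""
    head = call.split("(", 1)[0]
    name, _, module = head.rpartition(".")
    return name, module


def parse_listing(text):
    """Split the listing into records; a record starts at each 'APIs' header."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None or SUBCALL_RE.match(line):
            continue  # subcall lines belong to a callee, not to this function's body
        if (m := OPCODE_RE.match(line)):
            cur.opcode_id = m.group("id")
        elif (m := SOURCE_RE.search(line)):
            cur.offset = m.group("offset").upper()
            cur.pe_backed = m.group("pe") == "true"
        elif (m := API_RE.match(line)):
            name, module = split_call(m.group("call"))
            cur.apis.append((name, module, m.group("ref").upper()))
    return records


def api_sequence(record):
    """Module!API call order, the part of a record that survives a relocation."""
    return [f"{module}!{api}" for api, module, _ in record.apis]


def shared_opcode_ids(records):
    """Opcode IDs found in more than one dump region -> {(offset, pe_backed), ...}."""
    seen = defaultdict(set)
    for r in records:
        if r.opcode_id:
            seen[r.opcode_id].add((r.offset, r.pe_backed))
    return {oid: regions for oid, regions in seen.items() if len(regions) > 1}


def unbacked_regions(records):
    """Offsets of dumps the sandbox could not map to a PE image."""
    return sorted({r.offset for r in records if not r.pe_backed})


if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    print("unbacked regions:", unbacked_regions(recs))
    for oid, regions in shared_opcode_ids(recs).items():
        print(oid[:16], "->", sorted(regions))
```

Run it against the whole listing and the output is a short list of opcode hashes that live both in a mapped image and in unbacked memory, which on this page is consistent with the 10000000 module and the 030C0000 allocation holding copies of the same code. The listing alone does not say which copy was written first; confirm that against the dump files themselves before drawing a conclusion about the injection direction.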

        APIs
        • __IsNonwritableInCurrentImage.LIBCMT ref: 007D9B4E
        • ?terminate@@YAXXZ.MSVCRT ref: 007D9BF7
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: ?terminate@@CurrentImageNonwritable
        • String ID: csm$csm
        • API String ID: 3343398186-3733052814
        • Opcode ID: faf40d188741b12dcca35f66d5a46ce3fe4a2e31c1ef5914c7f50f87f1c134cc
        • Instruction ID: f5e26f5fe211a493a03157d33457ad0986296ccffda097435f56d5a630407114
        • Opcode Fuzzy Hash: faf40d188741b12dcca35f66d5a46ce3fe4a2e31c1ef5914c7f50f87f1c134cc
        • Instruction Fuzzy Hash: E3510271A00218DFCF10DF68D8849AEBBB5EF84320F198157EA149B392D739ED11CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsCharAlphaNumericW.USER32(?,00000000,00000104,00000000,?,?,?,?,?,007D6B65,?,?,?), ref: 007D614F
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AlphaCharNumeric
        • String ID: "$Property value is too long.$ek}
        • API String ID: 1535711457-3310523873
        • Opcode ID: 8275f05230fcb30736d2aed090fcbc7fce690dca8e7a63723fc18ceae3160985
        • Instruction ID: 11941ab7907b855464e0e9f8b12e71c22e81db01ac2eea3e9dce0bdb1a28ec87
        • Opcode Fuzzy Hash: 8275f05230fcb30736d2aed090fcbc7fce690dca8e7a63723fc18ceae3160985
        • Instruction Fuzzy Hash: 5341B575E00125DBCB24EFA9844457AB3F2FBA8720B648427D9C5E7384F639AD42D7A0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(Msi.dll), ref: 007D3D10
        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007D3D29
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: DllGetClassObject$Msi.dll
        • API String ID: 2574300362-3279299384
        • Opcode ID: 7e08276b6cc1f0aab887eaf8bc6646c449b84df07b9c2e2928e202a8ebc87e20
        • Instruction ID: e8a3544be1cb10625b5615b5f49867922bf19e370635a27559ffa093aff97da3
        • Opcode Fuzzy Hash: 7e08276b6cc1f0aab887eaf8bc6646c449b84df07b9c2e2928e202a8ebc87e20
        • Instruction Fuzzy Hash: CA314A75A51215AFCB14DB68DC44D6EBBB9FF88710711819BE806E33A0DA78AE01CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(Msi.dll,00000000,00000000,?,?,?,007D76B2), ref: 007D3E19
        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007D3E2E
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: DllGetClassObject$Msi.dll
        • API String ID: 2574300362-3279299384
        • Opcode ID: 17dc6f92b7b899a1e98f47b2d77b51a878ebcab7e6e686fcf531461e233ac7ed
        • Instruction ID: f61c3ec25c68aafdd7301c8c4a0c4174c9541a9da9a292529c10aca009126f90
        • Opcode Fuzzy Hash: 17dc6f92b7b899a1e98f47b2d77b51a878ebcab7e6e686fcf531461e233ac7ed
        • Instruction Fuzzy Hash: D6117071A51619AFD710DB94DC44E6EB7B8EB58755F10805AF801E3390D738EE018B64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 007D8A77
        • LoadLibraryW.KERNEL32(COMCTL32), ref: 007D8AA1
        • GetProcAddress.KERNEL32(?), ref: 007D8AC1
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProcSleep
        • String ID: COMCTL32
        • API String ID: 188063004-3719691325
        • Opcode ID: 44bbf485207fdfe7f4d634ea4a60fbc3c8bada23def74dff048ed8ec4bcdaf25
        • Instruction ID: 42bda24c6f4070924824d98f453f14ef0e9fd1f4ffdf0746bb4b76f5be3127e6
        • Opcode Fuzzy Hash: 44bbf485207fdfe7f4d634ea4a60fbc3c8bada23def74dff048ed8ec4bcdaf25
        • Instruction Fuzzy Hash: D6019E32706212ABDB2A9B399D196263BB9EBC5310F18843BE541D7350EA68DC01C7A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,?,1000DE2D,?), ref: 10006383
        • memmove.MSVCR100 ref: 100063AF
        • ??3@YAXPAX@Z.MSVCR100 ref: 100063C7
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@memmove
        • String ID: vector<T> too long
        • API String ID: 1993728168-3788999226
        • Opcode ID: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction ID: 666fb908681a4cb4fcb84fde5cab495aadc7bf52184e8f2216cd687e136a9d11
        • Opcode Fuzzy Hash: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction Fuzzy Hash: 2401D4B16002059FE718CF68CCD982AB7E9EB18240724462DE847C3344E730F950CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: memcpy
        • String ID:
        • API String ID: 3510742995-0
        • Opcode ID: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction ID: 61b773e0558493be9a29dabd4f951307aa74c3da6f26a6b18387d70fbbbfb126
        • Opcode Fuzzy Hash: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction Fuzzy Hash: E2613B75A01606EFEB48CF69C580AD9B7E5FF48390F50866EE85AC7744EB70E944CB80
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcessHeap.KERNEL32(00000000,?,00000000,030C7D2E), ref: 030C7EB2
        • HeapFree.KERNEL32(00000000), ref: 030C7EB9
        • VirtualFree.KERNEL32(?,00000000,00008000,030C7D2E), ref: 030C7ECF
        • GetProcessHeap.KERNEL32(00000000,00000000,030C7D2E), ref: 030C7ED8
        • HeapFree.KERNEL32(00000000), ref: 030C7EDF
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: Heap$Free$Process$Virtual
        • String ID:
        • API String ID: 1594822054-0
        • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction ID: adfa5906f217a340e2842e9d1b8b53ab2c3af7674e3c47a620b6513f016a5b2c
        • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction Fuzzy Hash: 2311E872611650EFE771CF65CC88B5BB7E9AB89B11F148A1CE26A865A0C774E841CF20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,030CF683), ref: 030D0CF7
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,030CF683), ref: 030D0D96
          • Part of subcall function 030C3164: RtlDeleteCriticalSection.NTDLL(00000000), ref: 030C3185
        • InterlockedExchange.KERNEL32(?,00000000), ref: 030D0F24
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,030CF683), ref: 030D0F2A
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
        • String ID:
        • API String ID: 106064292-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 4e643aceca0e1bbd584d7d9eea0d96b2f5de424bf0efe48f2108d1149946097c
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 0281C9B0A01B46BFE344DF7AC984796FBA8FB09304F50826EE51D87640D775A964CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,1E019B90,00000000,00000000,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
        • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A40D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A457
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A4A7
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A4EE
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,1E019B90,00000000,00000000,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction ID: 064e6777206eaa59b6d0f19c807af86857d994d2322ab606cc61307b9a3a3038
        • Opcode Fuzzy Hash: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction Fuzzy Hash: CC616274E002899FEF04DFA8C8947DDBBB1FF4A394F108269E815AB345D770A985CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: memcpy
        • String ID: `
        • API String ID: 3510742995-2679148245
        • Opcode ID: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
        • Instruction ID: 64a44a586022bbb4dbe27862fce835f5ea025880b6bcf6f33c1a66c973c0a465
        • Opcode Fuzzy Hash: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
        • Instruction Fuzzy Hash: E251E976A00225EFCB24DFACC8859AAB7B5FF48310B15456BE914EB381E775AE40C790
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • lstrcmpW.KERNEL32(?,007D13CC,?,mewuifsoarpcvxgh!), ref: 007D4A83
        • lstrcmpW.KERNEL32(?,007D13D0,?,mewuifsoarpcvxgh!), ref: 007D4A93
        • lstrcmpW.KERNEL32(?,007D13D8,?,mewuifsoarpcvxgh!), ref: 007D4AA3
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: lstrcmp
        • String ID: mewuifsoarpcvxgh!
        • API String ID: 1534048567-2729521250
        • Opcode ID: ffef0d239b0e41d6199713ead3237e08e3584602fcdeff3f52193240a6e6bb99
        • Instruction ID: 34cf8fdbd9fe4bb4ccb536d570540b54178f11b4ac07c3783115cc99dc54f72a
        • Opcode Fuzzy Hash: ffef0d239b0e41d6199713ead3237e08e3584602fcdeff3f52193240a6e6bb99
        • Instruction Fuzzy Hash: 0841D732B50215E7DB209F65E881AAEB7B5FF84710F188027E941E7390F7789D41C754
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: 968e564a23db375be0751a04258f4133bd644c2828076907a4ae8585ce63c315
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: A63192B5611304AFE760DF68CC81F7EB7E9EB88B10F14459DFA08CB281E6B1D8018B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,007DA2B0,000000A8,007D6E7E,00000000,00000000,?), ref: 007D44E0
        • GlobalFree.KERNEL32(?), ref: 007D450F
        • GlobalFree.KERNEL32(?), ref: 007D4590
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Global$Free$Alloc
        • String ID: %d.%d.%.4d.%d
        • API String ID: 1780285237-3399825337
        • Opcode ID: d2c19b5f4ef14e872e99f17faa5d472658a18aeab67bc5c15320217deb5ec338
        • Instruction ID: 4308bd5802ce79373e022df195b7d44be1407b038d478036bc407d2e77c427b7
        • Opcode Fuzzy Hash: d2c19b5f4ef14e872e99f17faa5d472658a18aeab67bc5c15320217deb5ec338
        • Instruction Fuzzy Hash: 89415C71A00228DFDB20DB64DD45BAEB7B9FF44310F10419AE54AA3291DB345E95CF51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 030CF94E
        • Thread32First.KERNEL32(00000000,?), ref: 030CF965
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 030CFA46
        • CloseHandle.KERNEL32(00000000), ref: 030CFA55
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 030CFAC1
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 030CFADE
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 030CFB9D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 030CFBDC
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 030CFC1B
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 030CFC5A
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 030CFC99
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 030CFCD8
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 030CFD17
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 030CFD56
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 030CFD95
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 030CFDD4
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 030CFE13
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 030CFE52
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 030CFE91
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 030CFEE1
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 030CFEF5
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 030CFF23
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 030CFF40
        • CloseHandle.KERNEL32(?), ref: 030CFF5E
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 030CFF79
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
        • String ID:
        • API String ID: 1747700738-0
        • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction ID: b25eda63948933129bb6d207f37261d98e8f2d0246e35f279b481cc6483fe659
        • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction Fuzzy Hash: 69318671A11246AFDF14CF78C984AAEF7FAFB48714B148A2EE816D7240E770A940CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM ref: 030C6052
        • InterlockedExchange.KERNEL32(?,00000000), ref: 030C6061
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 030C60AF
          • Part of subcall function 030C5B64: GetCurrentThreadId.KERNEL32 ref: 030C5B69
          • Part of subcall function 030C5B64: send.WS2_32(?,1001242C,00000010,00000000), ref: 030C5BCA
          • Part of subcall function 030C5B64: SetEvent.KERNEL32(?), ref: 030C5BED
          • Part of subcall function 030C5B64: InterlockedExchange.KERNEL32(?,00000000), ref: 030C5BF9
          • Part of subcall function 030C5B64: WSACloseEvent.WS2_32(?), ref: 030C5C07
          • Part of subcall function 030C5B64: shutdown.WS2_32(?,00000001), ref: 030C5C1F
          • Part of subcall function 030C5B64: closesocket.WS2_32(?), ref: 030C5C29
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 4080316033-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: 60badfbd8b052c46e0a3c12bc89e3015144436d53b0f0e97712d596adfafccc4
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: 5D318EB6610714ABD630EF69DC84A9BB3E8FF89710F104A0EE58AC7650D672F404CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(1E019B90,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7BA
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(0000005E,1E019B90,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7D5
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C80F
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,?,1000BED7,?,10012890,00000000,0000005E,?,?,?), ref: 1000C82A
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,00000000,00000001,?,6CE30A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 2639648381-0
        • Opcode ID: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction ID: 0dae501bc556696bb7c4d7e10b9c2053542ed37b5a19796234fa89d0372f365e
        • Opcode Fuzzy Hash: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction Fuzzy Hash: 773141B560160AAFEB04DF64C894B6EB7B5FF49750F00C25DE92997394DB34E900CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 030C5FF0
          • Part of subcall function 030C2EC4: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 030C2EEF
          • Part of subcall function 030C5DE4: RtlEnterCriticalSection.NTDLL(030C69BF), ref: 030C5DEC
          • Part of subcall function 030C5DE4: RtlLeaveCriticalSection.NTDLL(030C69BF), ref: 030C5DFA
          • Part of subcall function 030C6674: HeapFree.KERNEL32(?,00000000,?,00000000,030C685F,?,030C5ECC,030C685F,00000000,?,100122A8,030C685F,?), ref: 030C669B
        • SetLastError.KERNEL32(00000000,?), ref: 030C5FDB
        • SetLastError.KERNEL32(00000057), ref: 030C6005
        • WSAGetLastError.WS2_32(?), ref: 030C6014
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
        • String ID:
        • API String ID: 2160363220-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: db8d237601f29dd269a8bfdebb3c1048e5fc8752bf0baba30b3d0a4a82ef8b3b
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: 0411CD36A0125C9BDB20EF69EC445DEB7E8EF89221B4845AAFC0CD7200D631DD1186D0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 100043EC
          • Part of subcall function 100012C0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 100012EB
          • Part of subcall function 10001280: memcpy.MSVCR100 ref: 100012A1
          • Part of subcall function 100041E0: EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CD7017C,10004C5B,?), ref: 100041E8
          • Part of subcall function 100041E0: LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
          • Part of subcall function 10004A70: HeapFree.KERNEL32(?,00000000,?,00000000,10004C5B,?,100042C8,10004C5B,00000000,?,6CD7017C,10004C5B,?), ref: 10004A97
        • SetLastError.KERNEL32(00000000,?), ref: 100043D7
        • SetLastError.KERNEL32(00000057), ref: 10004401
        • WSAGetLastError.WS2_32(?), ref: 10004410
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeavememcpy
        • String ID:
        • API String ID: 993608311-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: c83054a75a0c69128b26031afe2b7a8ad0b6ec7a765fcb7c10a623894899581c
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: 44110676A0512C9BEB00DF69E8846DEB7E8EF882B2B4141B6FC0CD3205DB31DD1186D4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAEventSelect.WS2_32(030C56BF,00000001,00000023), ref: 030C5806
        • WSAGetLastError.WS2_32 ref: 030C5811
        • send.WS2_32(00000001,00000000,00000000,00000000), ref: 030C585C
        • WSAGetLastError.WS2_32 ref: 030C5867
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$EventSelectsend
        • String ID:
        • API String ID: 259408233-0
        • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction ID: d0dae2af5fa99e4199fd240b271bf7bba88bbb67542614f9ab1b3d81db8d9297
        • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction Fuzzy Hash: CE114CB96217409BE760DB7ACCC8A5BB6E9BB89710F104A1DF966C7690D735F410CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,1E019B90,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,1E019B90,00000000,00000000,00000000,6CE2D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
        • String ID:
        • API String ID: 3901553425-0
        • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
        • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(030C69BF), ref: 030C5DEC
        • RtlLeaveCriticalSection.NTDLL(030C69BF), ref: 030C5DFA
        • RtlLeaveCriticalSection.NTDLL(030C69BF), ref: 030C5E5B
        • SetEvent.KERNEL32(207E8915), ref: 030C5E76
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: d2ec30906a257b12e7889e17d64439e44b1b8732ba4ca5be3b39f342fe1789b9
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: A911D3B5601B00AFD768CF79C984A9ABBE9BF5D300B14C86DE55E87221EB30F811CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CD7017C,10004C5B,?), ref: 100041E8
        • LeaveCriticalSection.KERNEL32(10004DBB), ref: 100041F6
        • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
        • SetEvent.KERNEL32(207E8915), ref: 10004272
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
        • InterlockedIncrement.KERNEL32(?), ref: 100049A4
        • InterlockedIncrement.KERNEL32(?), ref: 100049B1
        • timeGetTime.WINMM(?,00000001,?,10003C4F,?,?,00000001), ref: 100049C8
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: IncrementInterlockedTimetime
        • String ID:
        • API String ID: 159728177-0
        • Opcode ID: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
        • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
        • Opcode Fuzzy Hash: 1900333859f91f255c69b243324a6a1f92d966f1343b5a98cade6e717c36f8b7
        • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep
        • String ID:
        • API String ID: 2834455192-0
        • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction ID: 725329007eedd26b7e5b7a77161776bf3217d953d7172a6cceaf8e9f0c94b037
        • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction Fuzzy Hash: 840181B5505321FBE214EBA9CC89E6B77FCEB88304F008508F749961A1D770E924CB62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • free.MSVCR100(?), ref: 100036DC
        • malloc.MSVCR100 ref: 10003718
        • memset.MSVCR100 ref: 10003727
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CreateTimerWaitablefreemallocmemset
        • String ID:
        • API String ID: 3069344516-0
        • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
        • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,74DEDFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
        • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
        • free.MSVCR100(?), ref: 1000EEB5
        • HeapDestroy.KERNEL32(?), ref: 1000EEE3
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Heap$Destroyfree$CreateFree
        • String ID:
        • API String ID: 3907340440-0
        • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
        • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
        • _beginthreadex.MSVCR100 ref: 1000F46F
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
        • CloseHandle.KERNEL32(?), ref: 1000F48A
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
        • String ID:
        • API String ID: 92035984-0
        • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
        • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 007D9C98: GetModuleHandleW.KERNEL32(00000000), ref: 007D9C9F
        • __set_app_type.MSVCRT ref: 007D9292
        • __p__fmode.MSVCRT ref: 007D92A8
        • __p__commode.MSVCRT ref: 007D92B6
        • __setusermatherr.MSVCRT ref: 007D92D7
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
        • String ID:
        • API String ID: 1632413811-0
        • Opcode ID: 06e577e58016248d8ff5645e8f456f251cb9705cfd9ea2d28b5ee4a15ba938bc
        • Instruction ID: 33c37be40550705f8a8dc460491af4aa43cc980b9637bc73dfe9fd67d30377a9
        • Opcode Fuzzy Hash: 06e577e58016248d8ff5645e8f456f251cb9705cfd9ea2d28b5ee4a15ba938bc
        • Instruction Fuzzy Hash: 93F0AC71546346DFD726AB30AD4E5583B71FB05331B11C71BE566863F1DB3E8441CA28
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • StgOpenStorage.OLE32(?,00000000,00000020,00000000,00000000,?), ref: 007D3F75
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: OpenStorage
        • String ID: &
        • API String ID: 222319337-1010288
        • Opcode ID: ba8c7e9fbc27288f9de397c84fe1ec52bcba40a5d9ca0ed6e631eca6866a6901
        • Instruction ID: 1ca38131b4f6d9108efd34975e9fd3d35e5a82d51103df0892f42fdc9112ac11
        • Opcode Fuzzy Hash: ba8c7e9fbc27288f9de397c84fe1ec52bcba40a5d9ca0ed6e631eca6866a6901
        • Instruction Fuzzy Hash: 08912870A50218AFDB24DFA4DD98E6EB7B9FF14314B04852AF516E7290DB34BD44CB21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
        • memcpy.MSVCR100 ref: 1000D514
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: string too long
        • API String ID: 4248180022-2556327735
        • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
        • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
        • memcpy.MSVCR100 ref: 1000D8B2
          • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
          • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
          • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
        • String ID: string too long
        • API String ID: 433638341-2556327735
        • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
        • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,1E019B90,15555555,?,?,?,00000000), ref: 10008C1D
        • ??3@YAXPAX@Z.MSVCR100 ref: 10008C78
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2313657577-3788999226
        • Opcode ID: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction ID: fb7adf7a1d09ac6a26db31f93637622f031e953306e888bd675b0b75f72f74ca
        • Opcode Fuzzy Hash: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction Fuzzy Hash: A4218EB6A00606AFD704DF5CC980E9AB7F4FB88350F518629E9159B384DB30AA14CBD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??3@YAXPAX@Z.MSVCR100 ref: 100087D0
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,1E019B90,?,1E019B90,00000000,00000000,1E019B90,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(00000000,?,1000ABBA,00000000,00000000,00000001,?,6CE30A41,00000000), ref: 10008789
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??1_??3@Bid@locale@std@@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@V123@
        • String ID: Al
        • API String ID: 503125221-1778873614
        • Opcode ID: 34c07ca1a28c0cac1c46c8f91c418a1a1773f2b163a92778d455ce860451933d
        • Instruction ID: 8261ea698c8fb13e889d9ef692a79a4fd60761dcbb62728df732063f94073a9f
        • Opcode Fuzzy Hash: 34c07ca1a28c0cac1c46c8f91c418a1a1773f2b163a92778d455ce860451933d
        • Instruction Fuzzy Hash: FB21A775A041599FEB04DF68CC51BAEBBB4FF05750F108529E95697784D730EA00CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
          • Part of subcall function 1000D7C0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1000D897,00000000,6F34AF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D7CA
        • memcpy.MSVCR100 ref: 1000D433
        Strings
        • invalid string position, xrefs: 1000D3D2
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position
        • API String ID: 4248180022-1799206989
        • Opcode ID: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction ID: 52917fc2c828b592c0c48c691309feb71193cfbfd6d654fc01bcf82dc82b710e
        • Opcode Fuzzy Hash: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction Fuzzy Hash: B311CE363002119BE714EE6CE8C0AADB7A6FB942A0B54022FF545CB645D771F994C7F1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • gethostname.WS2_32(?,00000100), ref: 030C813C
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 144339138-2058306683
        • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction ID: 43b31f9927e22d7284f12eeca8331d9b451403e8d0e0ae2a5fd02c0a6761bf09
        • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction Fuzzy Hash: B1110FB09423659BD711DF188C81B9D77FDEF48300F00C095E60867290DB70DA95CF59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,1E019B90), ref: 1000D2C8
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@
        • String ID: string too long
        • API String ID: 1004598685-2556327735
        • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
        • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 007D88D6
        • GetProcAddress.KERNEL32(?), ref: 007D891F
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: OLE32
        • API String ID: 1175476452-2276369563
        • Opcode ID: a6f77bd27722eeff9cbcc579db1755944dbc128eb946a28c8dd16cf99ef5435f
        • Instruction ID: 39a413311c3c480f0322a196ca85fb84c3225a882cb0920b84c2f95b6827381d
        • Opcode Fuzzy Hash: a6f77bd27722eeff9cbcc579db1755944dbc128eb946a28c8dd16cf99ef5435f
        • Instruction Fuzzy Hash: D701B5727062529FDB669B359D257363BB5DB85310F08443FE481C7350DE68DC01C7A6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 007D8D70
        • GetProcAddress.KERNEL32(?), ref: 007D8DB9
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: KERNEL32
        • API String ID: 1175476452-1217789123
        • Opcode ID: c455b8aa68a604de7411c7fe3658b0b4198da29e82ab4093e66a72b7fc7482ef
        • Instruction ID: 1df361301631a8720f4dce149a62059a606f9bc395f9b569d35a4f62127e8370
        • Opcode Fuzzy Hash: c455b8aa68a604de7411c7fe3658b0b4198da29e82ab4093e66a72b7fc7482ef
        • Instruction Fuzzy Hash: 0701DE71706252ABEB2A9B399C197663FBBEB99314F08443BD841C73C0DE68DC00C795
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 007D8C1F
        • GetProcAddress.KERNEL32(?), ref: 007D8C68
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: VERSION
        • API String ID: 1175476452-2153328089
        • Opcode ID: fe29cfc0df758b4f0703b857007e6c196109318e2ab1fc0c10eb2729da46a748
        • Instruction ID: edc08c87ab659f96dd94b8f3bec7690bec1055a636aca996c28b7640fd2e735f
        • Opcode Fuzzy Hash: fe29cfc0df758b4f0703b857007e6c196109318e2ab1fc0c10eb2729da46a748
        • Instruction Fuzzy Hash: EA01F131716212AFDB2A9B359C196267BBADB82320F1840BFD545E7350EE68CC01C7B5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,?,1000D3F8,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D34F
        • memmove.MSVCR100 ref: 1000D386
        Strings
        • invalid string position, xrefs: 1000D34A
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xout_of_range@std@@memmove
        • String ID: invalid string position
        • API String ID: 1894236298-1799206989
        • Opcode ID: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction ID: 7c4033c306467bb4ef33dfaef203c6491ed6da220de6590d554043c3ccb312a9
        • Opcode Fuzzy Hash: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction Fuzzy Hash: 8F0171B13046008BE721DA6CEC8861EB7E6EBC1680B254A1DE182C764DD671DD828762
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 030C774E
        • RegCloseKey.ADVAPI32(?), ref: 030C7758
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: Host
        • API String ID: 3132538880-1863695555
        • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction ID: 2e2024fed1b89df701ed944b4e870892a135955ed04a999b79b2e8bdcf3f0bea
        • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction Fuzzy Hash: 4AE08CB4600258AFE725CF648C98FBA7B6ADB89701F108284FD459B250CA31CA15DA90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 030C779E
        • RegCloseKey.ADVAPI32(?), ref: 030C77A8
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4081528885.00000000030C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_30c0000_msiexec.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: BITS
        • API String ID: 3132538880-1135043067
        • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction ID: 2fcbbe71a27964512e8eca25739d46a583bb6ec299b0a2e0fdf51f30b6d71b6d
        • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction Fuzzy Hash: 64E08CB4600258AFE721CB608C9CFBA7B6ADB89701F108284FC459B251DA31CA10CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001), ref: 10005B4A
        • RegCloseKey.ADVAPI32(?), ref: 10005B54
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: Host
        • API String ID: 3132538880-1863695555
        • Opcode ID: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction ID: dcad731e8835d6dae927973394ebae374a698fdf24b40fc78b981aaf5b05d5c2
        • Opcode Fuzzy Hash: 05daf665231b9c39a1f9e10f3bcd31616a873d992d07614c8ada634aecc6e5c0
        • Instruction Fuzzy Hash: A3E0C2B4600254FFE315CF648C9DFBA7B6ADB89301F108380FD459B244CA32DA15C790
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 10005B9A
        • RegCloseKey.ADVAPI32(?), ref: 10005BA4
        Strings
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseValue
        • String ID: BITS
        • API String ID: 3132538880-1135043067
        • Opcode ID: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction ID: 335dbc8b6873fe5d047cc230d3b8783f13d6a85026f1eab1c6dcc6bab130e0b3
        • Opcode Fuzzy Hash: b1db10cee23c94763c4cc0d215d91beff71d5cf93aadc3ab79bb224cc7c86889
        • Instruction Fuzzy Hash: FDE0C2B4600254FFE311CB648C9DFBB7B6ADB89302F108280FC459B255CA32DA11CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZ},?,007D5A48,?,?,?), ref: 007D2F8B
        Strings
        • HZ}, xrefs: 007D2F7F
        • Software\Policies\Microsoft\Windows\Installer, xrefs: 007D2F85
        Memory Dump Source
        • Source File: 00000001.00000002.4081298101.00000000007D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 007D0000, based on PE: true
        • Associated: 00000001.00000002.4081257311.00000000007D0000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DD000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000001.00000002.4081333801.00000000007DF000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_7d0000_msiexec.jbxd
        Similarity
        • API ID: Open
        • String ID: HZ}$Software\Policies\Microsoft\Windows\Installer
        • API String ID: 71445658-2911856219
        • Opcode ID: dd242c30afc50e7d8d4ae8d2001caf1ee779a7318474e3ed7578952419ca1e40
        • Instruction ID: c3d867d4b9bc82d44ad4c0bf8d73bf4794df9c2069acc080b86f7e457c5ddec4
        • Opcode Fuzzy Hash: dd242c30afc50e7d8d4ae8d2001caf1ee779a7318474e3ed7578952419ca1e40
        • Instruction Fuzzy Hash: D1D05E715052886EF7225754AC09B727F79C3A0318F14405AB64C52167C56C8C62C398
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
        • memset.MSVCR100 ref: 10005D11
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
        • memcpy.MSVCR100 ref: 10005D39
        Memory Dump Source
        • Source File: 00000001.00000002.4083233675.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000001.00000002.4083217859.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083270319.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083289409.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000001.00000002.4083313923.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_1_2_10000000_msiexec.jbxd
        Similarity
        • API ID: AllocVirtual$memcpymemset
        • String ID:
        • API String ID: 2542864682-0
        • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
        • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
        Uniqueness

        Uniqueness Score: -1.00%
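The function blocks above list raw Win32 arguments as hex: in RegOpenKeyExW, 80000002 is HKEY_LOCAL_MACHINE and 00020019 is KEY_READ (a read of the Installer policy key, which is ordinary msiexec behaviour for the module at 007D0000); in RegSetValueExA, dwType 00000001 is REG_SZ, so the module at 10000000 writes a string value named "BITS"; in both VirtualAlloc calls, 00001000 is MEM_COMMIT and 00000004 is PAGE_READWRITE, and each allocation is followed by memset/memcpy, i.e. a writable buffer being filled from memory. The script below is an added example, not part of the Joe Sandbox report: it parses API lines in this report's bullet format, decodes those constants, and applies two simple heuristics (a read-write allocation followed by a copy, and any registry value write). The sample input is copied from the three API lists above; the flag names and the heuristic thresholds are my own choices, not Joe Sandbox signatures.

```python
"""Parse Joe Sandbox function-block API lines and decode Win32 constants."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One API line looks like either of these (the second form has no argument list):
#   • RegOpenKeyExW.ADVAPI32(80000002,Software\...,00000000,00020019,HZ},?), ref: 007D2F8B
#   • memset.MSVCR100 ref: 10005D11
API_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Well-known Win32 constants (values from the Windows SDK headers).
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
ACCESS = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ"}
ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x3000: "MEM_COMMIT|MEM_RESERVE"}
PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}


@dataclass
class Call:
    api: str
    module: str
    args: List[str]   # raw tokens; "?" means the sandbox could not resolve the value
    ref: int          # address of the call site


def to_int(tok: str) -> Optional[int]:
    """Hex token -> int, or None for '?' and non-numeric strings like 'HZ}'."""
    try:
        return int(tok, 16)
    except ValueError:
        return None


def parse_blocks(text: str) -> List[List[Call]]:
    """Collect the bullet lines under each 'APIs' header into one block per function.
    Argument splitting is on commas, so a string argument containing a comma would be
    split too; the report lines above contain none."""
    blocks: List[List[Call]] = []
    current: Optional[List[Call]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            blocks.append(current)
            continue
        if not line.startswith("•"):
            current = None          # 'Strings', 'Memory Dump Source', ... end the API list
            continue
        if current is None:
            continue                # bullets under other headers (e.g. Strings) are skipped
        m = API_RE.match(line)
        if m:
            args = [t.strip() for t in m.group("args").split(",")] if m.group("args") is not None else []
            current.append(Call(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return blocks


def decode(call: Call) -> Dict[str, str]:
    """Name the constants in the arguments the report happened to resolve."""
    a, d = call.args, {}
    if call.api.startswith("RegOpenKeyEx") and len(a) >= 4:
        d["hKey"] = HIVES.get(to_int(a[0]), a[0])
        d["lpSubKey"] = a[1]
        d["samDesired"] = ACCESS.get(to_int(a[3]), a[3])
    elif call.api.startswith("RegSetValueEx") and len(a) >= 4:
        d["lpValueName"] = a[1]
        d["dwType"] = REG_TYPES.get(to_int(a[3]), a[3])
    elif call.api == "VirtualAlloc" and len(a) >= 4:
        d["flAllocationType"] = ALLOC_TYPE.get(to_int(a[2]), a[2])
        d["flProtect"] = PAGE_PROT.get(to_int(a[3]), a[3])
    return d


def flag_block(calls: List[Call]) -> List[str]:
    """Heuristics over one function's call sequence (flag names are this script's own)."""
    flags = set()
    names = [c.api for c in calls]
    for i, c in enumerate(calls):
        dec = decode(c)
        if c.api == "VirtualAlloc" and dec.get("flProtect") == "PAGE_READWRITE" \
                and any(n in ("memcpy", "memmove") for n in names[i + 1:]):
            flags.add("rw_alloc_then_copy")   # buffer staged in memory; check later protection changes
        if dec.get("flProtect") == "PAGE_EXECUTE_READWRITE":
            flags.add("rwx_alloc")
        if c.api.startswith("RegSetValueEx"):
            flags.add("registry_write:" + dec.get("lpValueName", "?"))
    return sorted(flags)


# Constructed input: the three API lists from the report blocks above, verbatim.
SAMPLE = """\
APIs
• RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001), ref: 10005B9A
• RegCloseKey.ADVAPI32(?), ref: 10005BA4
Strings
Memory Dump Source
APIs
• RegOpenKeyExW.ADVAPI32(80000002,Software\\Policies\\Microsoft\\Windows\\Installer,00000000,00020019,HZ},?,007D5A48,?,?,?), ref: 007D2F8B
Strings
• HZ}, xrefs: 007D2F7F
APIs
• VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
• memset.MSVCR100 ref: 10005D11
• VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
• memcpy.MSVCR100 ref: 10005D39
Memory Dump Source
"""

if __name__ == "__main__":
    for n, block in enumerate(parse_blocks(SAMPLE)):
        print(f"block {n}: flags={flag_block(block)}")
        for c in block:
            print(f"  {c.ref:08X} {c.api}.{c.module} {decode(c)}")
```

Run on the sample, block 2 (the module at 10000000) is the one that gets rw_alloc_then_copy; the msiexec policy read in block 1 decodes to a KEY_READ open of HKLM and gets no flag. To confirm what happens to the staged buffers, look for a later VirtualProtect, CreateRemoteThread or QueueUserAPC call in the same module's other function blocks, which this excerpt does not include.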