Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1376532
MD5: 02e2a24d79187759ef56c784ee5cb655
SHA1: 5326be4a1203246f460b5d42d71e2ccd8d07bd95
SHA256: fe2282ef110288bf4b3999c63681def663b5475d7d4fb7eae85fcb54b384afc3

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Early bird code injection technique detected
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject code into remote processes
Drops PE files to the document folder of the user
Found API chain indicative of debugger detection
Queues an APC in another process (thread injection)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sleep loop found (likely to delay execution)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • setup.exe (PID: 6264 cmdline: C:\Users\user\Desktop\setup.exe MD5: 02E2A24D79187759EF56C784EE5CB655)
    • msiexec.exe (PID: 4024 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • explorer.exe (PID: 2872 cmdline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • explorer.exe (PID: 3380 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • msedge.exe (PID: 4892 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: 02E2A24D79187759EF56C784EE5CB655)
    • msedge.exe (PID: 5584 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: 02E2A24D79187759EF56C784EE5CB655)
      • msiexec.exe (PID: 4608 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://whois.pconline.com.cn/ipJson.jspJ Avira URL Cloud: Label: malware
Source: setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\setup.exe File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: msiexec.pdb source: setup.exe, 00000000.00000003.2094537374.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000B.00000002.2264783144.0000000000541000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: Binary string: \Plugins\Release\online.pdb source: msiexec.exe, msiexec.exe, 0000000B.00000002.2266958613.0000000010012000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000B.00000002.2264942758.0000000002AA0000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: setup.exe, 00000000.00000003.2094537374.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000B.00000002.2264783144.0000000000541000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr

Networking

Source: global traffic TCP traffic: 154.91.65.239 ports 13592,1,2,3,5,9
Source: global traffic TCP traffic: 192.168.2.6:49699 -> 154.91.65.239:13592
Source: Joe Sandbox View ASN Name: IKGUL-26484US IKGUL-26484US
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_004013A0 GetProcAddress,RegOpenKeyA,GetProcAddress,RegOpenKeyA,RegQueryValueExA,RegCloseKey,recv,Sleep,Sleep,Sleep,0_2_004013A0
Source: global traffic HTTP traffic detected: GET /ipJson.jsp HTTP/1.1 User-Agent: HTTPGET Host: whois.pconline.com.cn Cache-Control: no-cache
Source: unknown DNS traffic detected: queries for: bxpalxe175.top
Source: msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/
Source: msiexec.exe, 0000000B.00000002.2264942758.0000000002AA0000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp
Source: msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp(dZ
Source: msiexec.exe, 00000002.00000002.4516320985.0000000003323000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whois.pconline.com.cn/ipJson.jspJ
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,0_2_0040E890
Source: C:\Users\user\Documents\msedge.exeCode function: 6_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,6_2_0040E890
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_0040E890 #540,#1168,#1669,SendMessageA,SendMessageA,SendMessageA,#940,#540,#940,#939,#800,SendMessageA,#940,#540,#940,#939,#800,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,#1168,#2652,#800,#1168,#2652,#800,9_2_0040E890
Source: C:\Users\user\Documents\msedge.exe Process Stats: CPU usage > 49%
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_005463E3 GetVersionExW,GetCurrentProcess,NtQueryInformationProcess,GetCommandLineW,GetStdHandle,GetFileType,memset,memset,RegQueryValueExW,RegCloseKey,RegQueryValueExW,RegCloseKey,CompareStringW,CompareStringW,CompareStringW,memset,GlobalFree,lstrlenW,GlobalFree,CoInitialize,CoRegisterClassObject,GetCurrentThread,OpenThreadToken,GetLastError,OpenEventW,WaitForSingleObject,CloseHandle,RevertToSelf,RegCloseKey,RegEnumKeyW,RevertToSelf,GetCurrentProcess,OpenProcessToken,GetTokenInformation,EqualSid,CloseHandle,GetLastError,memset,CloseHandle,MakeAbsoluteSD,GetLastError,CloseHandle,CloseHandle,CreateEventW,CloseHandle,CreateEventW,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,TranslateMessage,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CoRevokeClassObject,CoUninitialize,GetLastError,GetMessageW,TranslateMessage,DispatchMessageW,2_2_005463E3
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_100057B0 InterlockedExchange,ExitWindowsEx,0_2_100057B0
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00695B8C ExitWindowsEx,0_2_00695B8C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_100057B0 InterlockedExchange,ExitWindowsEx,2_2_100057B0
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_030875EC ExitWindowsEx,2_2_030875EC
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_100057B0 InterlockedExchange,ExitWindowsEx,9_2_100057B0
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_00594B1C ExitWindowsEx,9_2_00594B1C
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_100057B0 InterlockedExchange,ExitWindowsEx,11_2_100057B0
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_02AA75EC ExitWindowsEx,11_2_02AA75EC
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_100024D00_2_100024D0
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_006926740_2_00692674
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_005463E32_2_005463E3
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_100024D02_2_100024D0
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_030840D42_2_030840D4
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_100024D09_2_100024D0
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_005916049_2_00591604
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_100024D011_2_100024D0
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_02AA40D411_2_02AA40D4
Source: C:\Users\user\Desktop\setup.exeCode function: String function: 00414F64 appears 31 times
Source: C:\Users\user\Documents\msedge.exeCode function: String function: 00414F64 appears 62 times
Source: setup.exe, 00000000.00000000.2057273559.000000000041F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGfxList.EXEJ vs setup.exe
Source: setup.exe, 00000000.00000003.2094537374.00000000006EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs setup.exe
Source: setup.exeBinary or memory string: OriginalFilenameGfxList.EXEJ vs setup.exe
Source: C:\Program Files (x86)\msiexec.exe Section loaded: sfc.dll
Source: C:\Program Files (x86)\msiexec.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\msiexec.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\msiexec.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\msiexec.exe Section loaded: winnsi.dll
Source: classification engine Classification label: mal84.troj.evad.winEXE@10/4@2/3
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DE90
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,0_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00542F93 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,2_2_00542F93
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,2_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,2_2_1000DD00
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DE90
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,9_2_1000DD00
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_1000DE90 OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,11_2_1000DE90
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_1000DD00 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,?_Xlength_error@std@@YAXPBD@Z,OutputDebugStringA,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,PostThreadMessageA,TerminateProcess,AdjustTokenPrivileges,CloseHandle,??3@YAXPAX@Z,CloseHandle,11_2_1000DD00
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_10005720 OutputDebugStringA,CreateToolhelp32Snapshot,Process32First,_mbsicmp,Process32Next,FindCloseChangeNotification,0_2_10005720
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_004129D0 AppendMenuA,#1146,FindResourceA,LoadResource,LockResource,#2096,ImageList_SetBkColor,#1146,LoadBitmapA,#1641,ImageList_AddMasked,#2414,#2414,0_2_004129D0
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_00547DD0 StartServiceCtrlDispatcherW,GetLastError,2_2_00547DD0
Source: C:\Users\user\Desktop\setup.exe File created: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\Documents\msedge.exe
Source: C:\Program Files (x86)\msiexec.exe Mutant created: \Sessions\1\BaseNamedObjects\1:13592
Source: unknown Process created: C:\Windows\explorer.exe
Source: setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\user\Desktop\setup.exe
Source: unknown Process created: C:\Users\user\Desktop\setup.exe C:\Users\user\Desktop\setup.exe
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe Process created: C:\Users\user\Documents\msedge.exe "C:\Users\user\Documents\msedge.exe"
Source: C:\Users\user\Documents\msedge.exe Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_004011D0 RegOpenKeyA,RegCloseKey,GetProcessHeap,RtlAllocateHeap,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,VirtualProtect,CreateThread,0_2_004011D0
Source: msiexec.exe.0.dr Static PE information: section name: .didat
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_004157F0 push eax; ret 0_2_0041581E
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_10010039 push ecx; ret 0_2_1001004C
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_10010275 push ecx; ret 0_2_10010288
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_006A01DD push ecx; ret 0_2_006A01F0
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_006A0419 push ecx; ret 0_2_006A042C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00549F2D push ecx; ret 2_2_00549F40
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_10010039 push ecx; ret 2_2_1001004C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_10010275 push ecx; ret 2_2_10010288
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_03091E79 push ecx; ret 2_2_03091E8C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_03091C3D push ecx; ret 2_2_03091C50
Source: C:\Users\user\Documents\msedge.exeCode function: 6_2_004157F0 push eax; ret 6_2_0041581E
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_004157F0 push eax; ret 9_2_0041581E
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_10010039 push ecx; ret 9_2_1001004C
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_10010275 push ecx; ret 9_2_10010288
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_0059F16D push ecx; ret 9_2_0059F180
Source: C:\Users\user\Documents\msedge.exeCode function: 9_2_0059F3A9 push ecx; ret 9_2_0059F3BC
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_10010039 push ecx; ret 11_2_1001004C
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_10010275 push ecx; ret 11_2_10010288
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_02AB1E79 push ecx; ret 11_2_02AB1E8C
Source: C:\Program Files (x86)\msiexec.exeCode function: 11_2_02AB1C3D push ecx; ret 11_2_02AB1C50

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\Documents\msedge.exe
Source: C:\Users\user\Desktop\setup.exe File created: C:\Program Files (x86)\msiexec.exe
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_00547DD0 StartServiceCtrlDispatcherW,GetLastError,2_2_00547DD0
Source: C:\Program Files (x86)\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered
Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\msedge.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\msiexec.exe Window / User API: threadDelayed 3499
Source: C:\Program Files (x86)\msiexec.exe Window / User API: threadDelayed 537
Source: C:\Program Files (x86)\msiexec.exe Window / User API: threadDelayed 5698
Source: C:\Program Files (x86)\msiexec.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_2-15863
Source: C:\Users\user\Desktop\setup.exe API coverage: 4.4 %
Source: C:\Program Files (x86)\msiexec.exe API coverage: 10.0 %
Source: C:\Users\user\Documents\msedge.exe API coverage: 4.1 %
Source: C:\Program Files (x86)\msiexec.exe API coverage: 4.2 %
Source: C:\Program Files (x86)\msiexec.exe TID: 6040 Thread sleep count: 3499 > 30
Source: C:\Program Files (x86)\msiexec.exe TID: 6040 Thread sleep time: -34990s >= -30000s
Source: C:\Program Files (x86)\msiexec.exe TID: 5940 Thread sleep count: 537 > 30
Source: C:\Program Files (x86)\msiexec.exe TID: 5940 Thread sleep time: -1611000s >= -30000s
Source: C:\Program Files (x86)\msiexec.exe TID: 5940 Thread sleep count: 5698 > 30
Source: C:\Program Files (x86)\msiexec.exe TID: 5940 Thread sleep time: -17094000s >= -30000s
Source: C:\Program Files (x86)\msiexec.exe Thread sleep count: Count: 3499 delay: -10
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_10006970 GetModuleHandleW,GetProcAddress,OutputDebugStringA,memset,memset,gethostname,gethostbyname,inet_ntoa,strcat_s,strcat_s,strcat_s,inet_ntoa,strcat_s,strcat_s,inet_addr,wsprintfA,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,?_Init@locale@std@@CAPAV_Locimp@12@XZ,?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ,?_Incref@facet@locale@std@@QAEXXZ,??2@YAPAXI@Z,??3@YAXPAX@Z,strncpy,??3@YAXPAX@Z,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,GlobalMemoryStatusEx,OutputDebugStringA,capGetDriverDescriptionA,wsprintfA,OutputDebugStringA,OutputDebugStringA,??3@YAXPAX@Z,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,?_Decref@facet@locale@std@@QAEPAV123@XZ,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_10006970
Source: explorer.exe, 00000005.00000003.2808560500.00000000007AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWVersion\AppModelUnlock
Source: msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: msiexec.exe, 00000002.00000002.4516320985.000000000331B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000005.00000003.2808560500.00000000007AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: explorer.exe, 00000005.00000003.2808560500.00000000007AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |y\Machine\Software\Classes\Applications\%1.exeexeRAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}:
Source: explorer.exe, 00000005.00000003.2808560500.00000000007AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: setup.exe, 00000000.00000002.2096145561.0000000000679000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2095167418.0000000000679000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000002.4517202879.0000000000575000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000B.00000002.2265471547.0000000002C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_2-16085
Source: C:\Program Files (x86)\msiexec.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\setup.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Program Files (x86)\msiexec.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_2-16126
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_005459F2 GetLastError,RegQueryValueExW,RegCloseKey,GlobalFree,RegCreateKeyExW,RegSetValueExW,lstrlenW,RegSetValueExW,RegCloseKey,memset,OutputDebugStringW,SetLastError,2_2_005459F2
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_004011D0 RegOpenKeyA,RegCloseKey,GetProcessHeap,RtlAllocateHeap,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,VirtualProtect,CreateThread,0_2_004011D0
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_005463E3 mov eax, dword ptr fs:[00000030h] 2_2_005463E3
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_0069FCE0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0069FCE0
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_00549C10 SetUnhandledExceptionFilter,2_2_00549C10
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_005495F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_005495F0
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_03091740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_03091740
Source: C:\Users\user\Documents\msedge.exe Code function: 9_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,9_2_1000FB3C
Source: C:\Users\user\Documents\msedge.exe Code function: 9_2_0059EC70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_0059EC70
Source: C:\Program Files (x86)\msiexec.exe Code function: 11_2_1000FB3C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,11_2_1000FB3C
Source: C:\Program Files (x86)\msiexec.exe Code function: 11_2_02AB1740 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_02AB1740

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\setup.exe Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Documents\msedge.exe Process created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\setup.exe Memory allocated: C:\Program Files (x86)\msiexec.exe base: 3080000 protect: page execute and read and write
Source: C:\Users\user\Documents\msedge.exe Memory allocated: C:\Program Files (x86)\msiexec.exe base: 2AA0000 protect: page execute and read and write
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_100052B0 OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,memset,OutputDebugStringA,CreateProcessA,CreateProcessA,memset,??2@YAPAXI@Z,GetNativeSystemInfo,GetSystemWow64DirectoryA,GetSystemDirectoryA,OutputDebugStringA,SHGetFolderPathA,sprintf_s,CopyFileA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,OutputDebugStringA,Wow64SuspendThread,OutputDebugStringA,VirtualAllocEx,OutputDebugStringA,WriteProcessMemory,OutputDebugStringA,QueueUserAPC,ResumeThread,0_2_100052B0
Source: C:\Users\user\Desktop\setup.exe Thread APC queued: target process: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\setup.exe Memory written: C:\Program Files (x86)\msiexec.exe base: 3080000
Source: C:\Users\user\Documents\msedge.exe Memory written: C:\Program Files (x86)\msiexec.exe base: 2AA0000
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Users\user\Documents\msedge.exe Process created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_005431A9 FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,GetLengthSid,memset,GlobalAlloc,InitializeAcl,AddAccessAllowedAce,GetAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetSecurityDescriptorLength,MakeSelfRelativeSD,GetLastError,GlobalFree,GetLastError,FreeSid,2_2_005431A9
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_005430F2 AllocateAndInitializeSid,GetLastError,GetLengthSid,FreeSid,GetLengthSid,memcpy,FreeSid,2_2_005430F2
Source: C:\Program Files (x86)\msiexec.exe Code function: memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,2_2_00545C84
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_10010474 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_10010474
Source: C:\Program Files (x86)\msiexec.exe Code function: 2_2_00545C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,2_2_00545C84
Source: msiexec.exe, msiexec.exe, 0000000B.00000002.2266958613.0000000010012000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000B.00000002.2264942758.0000000002AA0000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: kxetray.exe
Source: msiexec.exe, msiexec.exe, 0000000B.00000002.2266958613.0000000010012000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000B.00000002.2264942758.0000000002AA0000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: 360Tray.exe
Source: C:\Windows\explorer.exe Directory queried: C:\Users\user\Documents
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
Valid Accounts1
Native API
1
DLL Side-Loading
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
Exfiltration Over Other Network Medium2
Ingress Tool Transfer
Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without Authorization1
System Shutdown/Reboot
Acquire InfrastructureGather Victim Identity Information
Default Accounts2
Service Execution
3
Windows Service
1
Access Token Manipulation
2
Obfuscated Files or Information
LSASS Memory11
File and Directory Discovery
Remote Desktop Protocol1
Data from Local System
Exfiltration Over Bluetooth1
Encrypted Channel
SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
Domain AccountsAt1
Registry Run Keys / Startup Folder
3
Windows Service
1
DLL Side-Loading
Security Account Manager14
System Information Discovery
SMB/Windows Admin Shares2
Clipboard Data
Automated Exfiltration1
Non-Standard Port
Data Encrypted for ImpactDNS ServerEmail Addresses
Local AccountsCronLogin Hook511
Process Injection
12
Masquerading
NTDS141
Security Software Discovery
Distributed Component Object ModelInput CaptureTraffic Duplication2
Non-Application Layer Protocol
Data DestructionVirtual Private ServerEmployee Names
Cloud AccountsLaunchdNetwork Logon Script1
Registry Run Keys / Startup Folder
12
Virtualization/Sandbox Evasion
LSA Secrets12
Virtualization/Sandbox Evasion
SSHKeyloggingScheduled Transfer2
Application Layer Protocol
Data Encrypted for ImpactServerGather Victim Network Information
Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Access Token Manipulation
Cached Domain Credentials2
Process Discovery
VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
External Remote ServicesSystemd TimersStartup ItemsStartup Items511
Process Injection
DCSync1
Application Window Discovery
Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
[Behavior graph: ID 1376532, sample setup.exe, start date 18/01/2024, architecture WINDOWS, score 84. setup.exe contacts bxpalxe175.top (154.91.65.239), drops C:\Users\user\Documents\msedge.exe and C:\Program Files (x86)\msiexec.exe (both PE32) and starts msiexec.exe, which contacts 14.29.101.160 and whois.pconline.com.cn.ctadns.cn (14.29.101.168); explorer.exe starts msedge.exe, which starts msiexec.exe.]

No Antivirus matches

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\msiexec.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\msiexec.exe | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
bxpalxe175.top | 4% | Virustotal | | Browse
whois.pconline.com.cn.ctadns.cn | 1% | Virustotal | | Browse
whois.pconline.com.cn | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://whois.pconline.com.cn/ipJson.jspJ | 100% | Avira URL Cloud | malware |
http://whois.pconline.com.cn/ | 0% | Avira URL Cloud | safe |
http://whois.pconline.com.cn/ipJson.jsp(dZ | 0% | Avira URL Cloud | safe |
http://whois.pconline.com.cn/ipJson.jsp | 0% | Avira URL Cloud | safe |
http://whois.pconline.com.cn/ipJson.jsp | 0% | Virustotal | | Browse
http://whois.pconline.com.cn/ | 0% | Virustotal | | Browse
http://whois.pconline.com.cn/ipJson.jspJ | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bxpalxe175.top | 154.91.65.239 | true | true | | unknown
whois.pconline.com.cn.ctadns.cn | 14.29.101.168 | true | false | | unknown
whois.pconline.com.cn | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jsp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jspJ | msiexec.exe, 00000002.00000002.4516320985.0000000003323000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ | msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://whois.pconline.com.cn/ipJson.jsp(dZ | msiexec.exe, 00000002.00000002.4516320985.00000000032AA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
14.29.101.168 | whois.pconline.com.cn.ctadns.cn | China | | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
154.91.65.239 | bxpalxe175.top | Seychelles | | 26484 | IKGUL-26484US | true
14.29.101.160 | unknown | China | | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false
Joe Sandbox version:38.0.0 Ammolite
Analysis ID:1376532
Start date and time:2024-01-18 07:29:59 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 20s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Potential for more IOCs and behavior
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:setup.exe
Detection:MAL
Classification:mal84.troj.evad.winEXE@10/4@2/3
EGA Information:
  • Successful, ratio: 80%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 57
  • Number of non-executed functions: 343
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target msedge.exe, PID 4892 because there are no executed function
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
07:30:50 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered explorer "C:\Users\user\Documents\msedge.exe"
07:31:26 | API Interceptor | 2718202x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\msiexec.exe | #U67e5#U8be2#U5165#U53e3.exe | Get hash | malicious | Unknown | Browse |
C:\Program Files (x86)\msiexec.exe | sample.exe | Get hash | malicious | Unknown | Browse |
      Process:C:\Users\user\Desktop\setup.exe
      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
      Category:modified
      Size (bytes):59904
      Entropy (8bit):5.770776695007155
      Encrypted:false
      SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
      MD5:9D09DC1EDA745A5F87553048E57620CF
      SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
      SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
      SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
      Malicious:false
      Antivirus:
      • Antivirus: ReversingLabs, Detection: 0%
      • Antivirus: Virustotal, Detection: 0%, Browse
      Joe Sandbox View:
      • Filename: #U67e5#U8be2#U5165#U53e3.exe, Detection: malicious, Browse
      • Filename: sample.exe, Detection: malicious, Browse
      Reputation:low
      Process:C:\Program Files (x86)\msiexec.exe
      File Type:ISO-8859 text
      Category:dropped
      Size (bytes):212
      Entropy (8bit):4.967751774572365
      Encrypted:false
      SSDEEP:6:6bJpDLEs1XKHLo1HXoXXai7+nNtWIzBnAl:AJpxIHLoxYzWNxdAl
      MD5:4CD19DA03E4FBAE30517FB2D2794A438
      SHA1:1BFD8C94A92052970F1B2F89B9A196EDADA5593C
      SHA-256:34C1584A3E286160756139F9FF9AF6D000775E9046A9BA8F8A5716D4C33B9425
      SHA-512:A0D3F3D6527212921CECE422AB7B680B2E63807BEAE6EB33967B4BBD513347A01D903DE2AC93AC8B966CB3CC60F5DF496726E26BCBACA1C03F80F393610277E6
      Malicious:false
      Reputation:low
      Preview:.....if(window.IPCallBack) {IPCallBack({"ip":"154.16.192.193","pro":"....","proCode":"710000","city":"","cityCode":"0","region":"","regionCode":"0","addr":".... .....","regionNames":"","err":"nocity"});}....
      Process:C:\Users\user\Desktop\setup.exe
      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
      Category:dropped
      Size (bytes):397312
      Entropy (8bit):5.700585706813425
      Encrypted:false
      SSDEEP:3072:ZiA5CY04CFPSC0JSiGzcEh1bmRLm2ZHtp28mdpYiS/FEYg/YB13N82BHP08IgbJ6:Zp5CY04uSprfq1bmRi2Z/UE1d7q0
      MD5:02E2A24D79187759EF56C784EE5CB655
      SHA1:5326BE4A1203246F460B5D42D71E2CCD8D07BD95
      SHA-256:FE2282EF110288BF4B3999C63681DEF663B5475D7D4FB7EAE85FCB54B384AFC3
      SHA-512:D2F76C6FA7E40B45EB13719AA4C4B54541462F8A30341C97F949005112CD2C8F113CAA2B85305A62CAB23AB06DA8CFBB5B6677A8ECCCF21BD433029A04D2B759
      Malicious:true
      Process:C:\Users\user\Desktop\setup.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:3:ggPYV:rPYV
      MD5:187F488E27DB4AF347237FE461A079AD
      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
      Malicious:false
      Preview:[ZoneTransfer]....ZoneId=0
      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):5.700585706813425
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.96%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:setup.exe
      File size:397'312 bytes
      MD5:02e2a24d79187759ef56c784ee5cb655
      SHA1:5326be4a1203246f460b5d42d71e2ccd8d07bd95
      SHA256:fe2282ef110288bf4b3999c63681def663b5475d7d4fb7eae85fcb54b384afc3
      SHA512:d2f76c6fa7e40b45eb13719aa4c4b54541462f8a30341c97f949005112cd2c8f113caa2b85305a62cab23ab06da8cfbb5b6677a8ecccf21bd433029a04d2b759
      SSDEEP:3072:ZiA5CY04CFPSC0JSiGzcEh1bmRLm2ZHtp28mdpYiS/FEYg/YB13N82BHP08IgbJ6:Zp5CY04uSprfq1bmRi2Z/UE1d7q0
      TLSH:9E847382F68194C5F4265F34205622355EAEAE982F08F1BFDA54BEFED973CC3581824D
      Icon Hash:71b018dccec77331
      Entrypoint:0x415826
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      DLL Characteristics:
      Time Stamp:0x65A68CF8 [Tue Jan 16 14:04:40 2024 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:4
      OS Version Minor:0
      File Version Major:4
      File Version Minor:0
      Subsystem Version Major:4
      Subsystem Version Minor:0
      Import Hash:2a651e357bb4e58d6c8d5fff5fab0fcd
      Instruction
      push ebp
      mov ebp, esp
      push FFFFFFFFh
      push 0041A800h
      push 004159ACh
      mov eax, dword ptr fs:[00000000h]
      push eax
      mov dword ptr fs:[00000000h], esp
      sub esp, 68h
      push ebx
      push esi
      push edi
      mov dword ptr [ebp-18h], esp
      xor ebx, ebx
      mov dword ptr [ebp-04h], ebx
      push 00000002h
      call dword ptr [00418710h]
      pop ecx
      or dword ptr [0041EF14h], FFFFFFFFh
      or dword ptr [0041EF18h], FFFFFFFFh
      call dword ptr [0041870Ch]
      mov ecx, dword ptr [0041EF08h]
      mov dword ptr [eax], ecx
      call dword ptr [00418708h]
      mov ecx, dword ptr [0041EF04h]
      mov dword ptr [eax], ecx
      mov eax, dword ptr [00418704h]
      mov eax, dword ptr [eax]
      mov dword ptr [0041EF10h], eax
      call 00007F6DEC60911Bh
      cmp dword ptr [0041E8E0h], ebx
      jne 00007F6DEC60900Eh
      push 004159A8h
      call dword ptr [00418700h]
      pop ecx
      call 00007F6DEC6090EDh
      push 0041E020h
      push 0041E01Ch
      call 00007F6DEC6090D8h
      mov eax, dword ptr [0041EF00h]
      mov dword ptr [ebp-6Ch], eax
      lea eax, dword ptr [ebp-6Ch]
      push eax
      push dword ptr [0041EEFCh]
      lea eax, dword ptr [ebp-64h]
      push eax
      lea eax, dword ptr [ebp-70h]
      push eax
      lea eax, dword ptr [ebp-60h]
      push eax
      call dword ptr [004186F8h]
      push 0041E018h
      push 0041E000h
      call 00007F6DEC6090A5h
      Programming Language:
      • [C++] VS98 (6.0) SP6 build 8804
      • [C++] VS98 (6.0) build 8168
      • [EXP] VC++ 6.0 SP5 build 8804
      Name | Virtual Address | Virtual Size | Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1c0e8 | 0xc8 | .rdata
      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f000 | 0x41eb8 | .rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x81c | .rdata
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
      .text | 0x1000 | 0x1600a | 0x17000 | False | 0.46957795516304346 | data | 6.019283240748381 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rdata | 0x18000 | 0x52ba | 0x6000 | False | 0.2548014322916667 | data | 4.1924842649596235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .data | 0x1e000 | 0xf1c | 0x1000 | False | 0.251953125 | data | 2.711526683041304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .rsrc | 0x1f000 | 0x41eb8 | 0x42000 | False | 0.3412863991477273 | data | 5.195605013377587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
      RT_BITMAP | 0x21558 | 0x860 | Device independent bitmap graphic, 272 x 15 x 4, image size 2040 | Italian | Italy | 0.3670708955223881
      RT_BITMAP | 0x5f0b0 | 0x3b0 | Device independent bitmap graphic, 112 x 15 x 4, image size 840 | Italian | Italy | 0.4141949152542373
      RT_BITMAP | 0x21f70 | 0x328 | Device independent bitmap graphic, 82 x 16 x 4, image size 704 | Italian | Italy | 0.37623762376237624
      RT_BITMAP | 0x21db8 | 0x1b8 | Device independent bitmap graphic, 45 x 14 x 4, image size 336 | Italian | Italy | 0.31136363636363634
      RT_BITMAP | 0x22298 | 0x5ae0 | Device independent bitmap graphic, 145 x 150 x 8, image size 22200 | Italian | Italy | 0.04543500687757909
      RT_BITMAP | 0x27d78 | 0x37338 | Device independent bitmap graphic, 385 x 580 x 8, image size 225040, resolution 11811 x 11811 px/m, 256 important colors | Italian | Italy | 0.37460637582705303
      RT_ICON | 0x1fa08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Italian | Italy | 0.33064516129032256
      RT_ICON | 0x1fcf0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Italian | Italy | 0.4391891891891892
      RT_ICON | 0x1fe40 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Italian | Italy | 0.25268817204301075
      RT_ICON | 0x20128 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Italian | Italy | 0.4560810810810811
      RT_MENU | 0x5f460 | 0x322 | data | Italian | Italy | 0.4613466334164589
      RT_DIALOG | 0x202e8 | 0x12a | data | Italian | Italy | 0.6241610738255033
      RT_DIALOG | 0x20418 | 0x86 | data | Italian | Italy | 0.7313432835820896
      RT_DIALOG | 0x204a0 | 0x24c | data | Italian | Italy | 0.4812925170068027
      RT_DIALOG | 0x206f0 | 0x3b0 | data | Italian | Italy | 0.4194915254237288
      RT_DIALOG | 0x20aa0 | 0xe6 | data | Italian | Italy | 0.6478260869565218
      RT_DIALOG | 0x20b88 | 0x402 | data | Italian | Italy | 0.4220272904483431
      RT_DIALOG | 0x20f90 | 0x280 | data | Italian | Italy | 0.465625
      RT_STRING | 0x5f788 | 0x90 | data | Italian | Italy | 0.4097222222222222
      RT_STRING | 0x60a40 | 0x304 | data | Italian | Italy | 0.2966321243523316
      RT_STRING | 0x60d48 | 0x16e | data | Italian | Italy | 0.2814207650273224
      RT_STRING | 0x5f818 | 0x40 | data | Italian | Italy | 0.640625
      RT_STRING | 0x5f898 | 0x338 | data | Italian | Italy | 0.3131067961165049
      RT_STRING | 0x5fd48 | 0x2c0 | data | Italian | Italy | 0.07102272727272728
      RT_STRING | 0x601a0 | 0x3b6 | data | Italian | Italy | 0.3178947368421053
      RT_STRING | 0x60128 | 0x78 | data | Italian | Italy | 0.6
      RT_STRING | 0x5fbd0 | 0x178 | data | Italian | Italy | 0.45478723404255317
      RT_STRING | 0x60008 | 0x120 | data | Italian | Italy | 0.3715277777777778
      RT_STRING | 0x5f858 | 0x40 | data | Italian | Italy | 0.734375
      RT_STRING | 0x60558 | 0x144 | data | Italian | Italy | 0.29012345679012347
      RT_STRING | 0x606a0 | 0x252 | data | Italian | Italy | 0.36195286195286197
      RT_STRING | 0x608f8 | 0xac | data | Italian | Italy | 0.5988372093023255
      RT_STRING | 0x609a8 | 0x92 | data | Italian | Italy | 0.5958904109589042
      RT_ACCELERATOR | 0x20278 | 0x70 | data | Italian | Italy | 0.6875
      RT_GROUP_ICON | 0x1fe18 | 0x22 | data | Italian | Italy | 1.0
      RT_GROUP_ICON | 0x20250 | 0x22 | data | Italian | Italy | 1.0294117647058822
      RT_VERSION | 0x21210 | 0x2fc | data | Italian | Italy | 0.4607329842931937
      RT_MANIFEST | 0x1f880 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | Chinese | China | 0.5892857142857143
      None | 0x21510 | 0x2e | data | Italian | Italy | 1.1521739130434783
      None | 0x21540 | 0x16 | data | Italian | Italy | 1.3636363636363635
      DLL | Import
      MFC42.DLL |
      MSVCRT.dll | _setmbcp, __CxxFrameHandler, qsort, atoi, _stricmp, __dllonexit, _onexit, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp
      KERNEL32.dll | GetModuleHandleA, FindResourceA, LoadResource, LockResource, lstrcpynA, GlobalLock, GlobalUnlock, lstrlenA, lstrcpyA, GlobalAlloc, GlobalReAlloc, GlobalFree, Sleep, GetProcessHeap, HeapAlloc, CreateThread, GetProcAddress, CloseHandle, CreateEventA, LoadLibraryA, GetStartupInfoA
      USER32.dll | OpenClipboard, GetWindowRect, LoadImageA, DefWindowProcA, GetClassInfoA, SystemParametersInfoA, DrawStateA, GetTabbedTextExtentA, GetMenuState, ModifyMenuA, GetMenuStringA, GetSubMenu, GetMenuItemID, EmptyClipboard, IsRectEmpty, SetCapture, SetRect, GetSystemMetrics, ScreenToClient, LoadCursorA, SetCursor, CopyRect, GetSysColor, DrawTextA, EnableWindow, InvalidateRect, SendMessageA, SetClipboardData, CloseClipboard, GetWindowLongA, GetDlgItem, ShowScrollBar, EnableScrollBar, OffsetRect, GetFocus, FrameRect, CreatePopupMenu, AppendMenuA, GetMessagePos, GetCursorPos, IsWindow, WindowFromPoint, GetKeyState, TranslateMessage, DispatchMessageA, PtInRect, PostMessageA, IsChild, InflateRect, LoadBitmapA, IsWindowVisible, UpdateWindow, ReleaseCapture, GetClientRect, GetParent, GetMenuItemCount, ClientToScreen
      GDI32.dll | CreateHalftonePalette, DPtoLP, GetTextColor, GetDIBColorTable, CreateCompatibleBitmap, DeleteObject, CreatePalette, GetDeviceCaps, RealizePalette, CreateFontIndirectA, CreateCompatibleDC, GetObjectA, BitBlt, Polygon, CreateRectRgnIndirect, GetStockObject, SelectObject, StretchBlt, GetTextExtentPoint32A, PatBlt
      ADVAPI32.dll | RegCloseKey, RegQueryValueExA, RegOpenKeyA
      COMCTL32.dll | ImageList_Add, ImageList_GetImageInfo, ImageList_Draw, ImageList_GetIcon, ImageList_AddMasked, ImageList_GetIconSize, ImageList_DrawEx, ImageList_SetBkColor
      WS2_32.dll | closesocket, WSACleanup, WSAStartup, gethostbyname
      MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ
      Language of compilation system | Country where language is spoken | Map
      Italian | Italy |
      Chinese | China |
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Jan 18, 2024 07:30:47.007535934 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.007601023 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.007647038 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.007688046 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.007791996 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.007826090 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.007875919 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.007976055 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008007050 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008044958 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008140087 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008168936 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008208990 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008297920 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008331060 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008367062 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008420944 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008460045 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008522034 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008593082 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008627892 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008723021 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008778095 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008809090 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.008869886 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008899927 CET1359249699154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:47.008933067 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.021440029 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:47.068331957 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:48.041930914 CET4969913592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:48.120728016 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:48.433342934 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:30:48.433451891 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:30:49.319055080 CET4970180192.168.2.614.29.101.168
      Jan 18, 2024 07:30:50.333722115 CET4970180192.168.2.614.29.101.168
      Jan 18, 2024 07:30:52.349390984 CET4970180192.168.2.614.29.101.168
      Jan 18, 2024 07:30:56.349356890 CET4970180192.168.2.614.29.101.168
      Jan 18, 2024 07:31:01.185632944 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:01.501646996 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:01.501735926 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:01.502208948 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:01.817800999 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:01.817852020 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:01.817945957 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:01.817986965 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:01.817998886 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:01.818109035 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.133583069 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133625031 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133714914 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.133722067 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133759975 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133831024 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133863926 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.133929968 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.133966923 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.134136915 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.449379921 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.449425936 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.449506998 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.449862003 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.449979067 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450071096 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450129032 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450222969 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450254917 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.450341940 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450395107 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450428963 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.450470924 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450516939 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.450545073 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450614929 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450659990 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.450747013 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.450819969 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.454850912 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.765423059 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765458107 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765475988 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765497923 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765515089 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.765552044 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.765779972 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765841007 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765880108 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765887022 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.765927076 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.765978098 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.765985966 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766062975 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766112089 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.766180038 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766222954 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766273975 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.766308069 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766390085 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766441107 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.766493082 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766680956 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766730070 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.766765118 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766863108 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.766916037 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.766952038 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767039061 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767091036 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.767119884 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767172098 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767220020 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.767234087 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767293930 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.767334938 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.769999027 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.770019054 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.770062923 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:02.770140886 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.770368099 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:02.770425081 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.080949068 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.080991030 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081037998 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081145048 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081182957 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081221104 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081226110 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081264019 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081301928 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081331968 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081399918 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081439972 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081486940 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081579924 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081621885 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081671000 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081784010 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081823111 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.081823111 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.081969976 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082009077 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082011938 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082118034 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082159042 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082194090 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082284927 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082328081 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082339048 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082452059 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082493067 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082539082 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082607985 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082649946 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082729101 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082847118 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.082890034 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.082937956 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083031893 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083076000 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083138943 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083230019 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083267927 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083267927 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083336115 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083370924 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083390951 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083475113 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083514929 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083517075 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083584070 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083623886 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083641052 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083713055 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083751917 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083822966 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083862066 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083899021 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.083949089 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.083986044 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084028959 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.084084988 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084121943 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084156990 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.084199905 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084270000 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084309101 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.084331036 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084367990 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084404945 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084407091 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.084502935 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.084548950 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.085315943 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085397959 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085443974 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.085477114 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085546970 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085582972 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.085728884 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085794926 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085835934 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.085938931 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.085978031 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.086019039 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.130799055 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.396437883 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396507025 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396543026 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396549940 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.396596909 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396632910 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.396661997 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396752119 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396789074 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.396810055 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396897078 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.396933079 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.396960020 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397041082 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397074938 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397100925 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397161961 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397196054 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397197008 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397258043 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397294044 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397310019 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397341013 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397375107 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397404909 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397499084 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397532940 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397599936 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397660971 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397697926 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397721052 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397753954 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397792101 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397818089 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397907019 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.397944927 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.397969961 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398056030 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398092985 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.398159981 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398253918 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398293018 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.398333073 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398437023 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398477077 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.398515940 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398600101 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398634911 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.398685932 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398765087 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398799896 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.398842096 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398942947 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.398984909 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399010897 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399111032 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399148941 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399192095 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399293900 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399334908 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399359941 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399621964 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399658918 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399683952 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399776936 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399811983 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399843931 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399904013 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.399946928 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.399970055 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400070906 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400113106 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.400141001 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400238991 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400274038 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.400343895 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400414944 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400449991 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.400516033 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400607109 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400640011 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.400716066 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400794983 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.400827885 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.401124001 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401212931 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401252031 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.401298046 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401420116 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401454926 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.401524067 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401603937 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401637077 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.401711941 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401822090 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401856899 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.401884079 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.401987076 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402024031 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.402070045 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402172089 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402209997 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.402236938 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402354956 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402389050 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.402415037 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402537107 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402576923 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.402688980 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402898073 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.402930975 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403011084 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403106928 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403145075 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403188944 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403299093 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403333902 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403363943 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403454065 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403491020 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403517962 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403611898 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403647900 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403712988 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403789043 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403821945 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.403862953 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.403973103 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404011965 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.404052019 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404234886 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404273033 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.404314995 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404411077 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404443026 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.404488087 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404581070 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404617071 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.404661894 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404727936 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404759884 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.404840946 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404931068 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.404966116 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.405009985 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405102968 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405147076 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.405244112 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405329943 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405390024 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405416965 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.405447960 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405481100 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.405524969 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405781984 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.405818939 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.405914068 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.406035900 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.406069040 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.406142950 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.406236887 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.406269073 CET4970213592192.168.2.6154.91.65.239
      Jan 18, 2024 07:31:03.406313896 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:31:03.406411886 CET1359249702154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:26.812875032 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:26.812911987 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.123222113 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.123286009 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.123321056 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.123354912 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.123492002 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.123492002 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.177539110 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.434259892 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.434289932 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.434307098 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.434323072 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.434340000 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.434403896 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.567936897 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.744757891 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.744791031 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.744828939 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.744831085 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.744868994 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:27.744920969 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:27.864824057 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.055380106 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.055412054 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.055422068 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.055665970 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.365943909 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.366044044 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.366142988 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.567939997 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.677531958 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.678689957 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.678769112 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.679130077 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.679167032 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.679198027 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.679219007 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.679230928 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.679280996 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.987828970 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.987893105 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.987940073 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.988106012 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.988140106 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.988260984 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.988260984 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.988303900 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:28.988354921 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:28.988682985 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.298888922 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.298962116 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.298979998 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.299002886 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:29.299158096 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:29.317250013 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.380423069 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:29.609587908 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.609741926 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:29.609777927 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.609812021 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:29.609874964 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:29.974215984 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.062406063 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.062546015 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.291239977 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291317940 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291352987 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291385889 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291449070 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291482925 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291539907 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.291539907 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.291539907 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.291613102 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291779041 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.291829109 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.373372078 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.602072001 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.602240086 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.602273941 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.602307081 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.602304935 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.602338076 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.677319050 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.912806034 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.912866116 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.912884951 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.912899017 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.912933111 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.912942886 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:30.912966013 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:30.913009882 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.223640919 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.223668098 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.223683119 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.223793983 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.364793062 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.534174919 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.534223080 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.534257889 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.534313917 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.534364939 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.535279036 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.844744921 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.844800949 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.844834089 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.844868898 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:31.844990969 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.844990969 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:31.974201918 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.155548096 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.155569077 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.155577898 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.155590057 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.155656099 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.155693054 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.466209888 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.466324091 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.776952982 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.777013063 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.777045012 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.777043104 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.777077913 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.777087927 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:32.777120113 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:32.777158022 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.087425947 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.087449074 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.087493896 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.087513924 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.087551117 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.087569952 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.177328110 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.397854090 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.397943020 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.397963047 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.397994041 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.398041964 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.398101091 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.398185015 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.708388090 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.708476067 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.708544970 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.708655119 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.708703041 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:33.708794117 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:33.880441904 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:34.020354033 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.020443916 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:34.020956039 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.021399975 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.021440983 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.021487951 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:34.068110943 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:34.331747055 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.331814051 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.331846952 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.331881046 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:34.331969023 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:34.331969023 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:36.061609983 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:36.372380972 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.372468948 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:36.684767962 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.684801102 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.684822083 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.684997082 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:36.995805025 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.995841980 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.995876074 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:36.995877028 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:36.995922089 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.306390047 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.306442976 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.306477070 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.306478977 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.306529999 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.306596041 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.306629896 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.306674004 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.616933107 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.617029905 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.617084026 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.617201090 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.617238998 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.617362976 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.677294970 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.927208900 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.927244902 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.927314043 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.927607059 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.927669048 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:37.927766085 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:37.927766085 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.238158941 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.238219976 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.238243103 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.238253117 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.238290071 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.238305092 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.380429983 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.549016953 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.549081087 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.549115896 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.549240112 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.549240112 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.860038996 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.860097885 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.860121965 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:38.860136032 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:38.860188007 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.170712948 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.170774937 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.170806885 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.170821905 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.170841932 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.170857906 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.364799023 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.486143112 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.486171007 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.486179113 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.486186981 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.486460924 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.805560112 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.805609941 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.805635929 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.805650949 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:39.805799961 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:39.805887938 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:40.116178036 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.116367102 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:40.116421938 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.116445065 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.116574049 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:40.427983999 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.428039074 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.428169012 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.428174019 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:40.428255081 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:40.739011049 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.739028931 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.739033937 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.739037991 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.739042997 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:40.739243031 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.049971104 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.050020933 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.050050020 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.050052881 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.050085068 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.050111055 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.177292109 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.360584974 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.360620975 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.360662937 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.360805988 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.360838890 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.360863924 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.568042994 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.677308083 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.863495111 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.863758087 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.987895966 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.987994909 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988029003 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988060951 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988178015 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988212109 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988230944 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.988231897 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.988231897 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.988245964 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988277912 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988302946 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:41.988313913 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:41.988365889 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.173943043 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.298343897 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.298417091 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.298724890 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.298868895 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.298923016 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.298949957 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.298995972 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.299038887 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.611382008 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.611440897 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.611511946 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.611581087 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.611581087 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.922331095 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.922363043 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.922379971 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.922435999 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.922435999 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:42.922528982 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:42.974257946 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.232964039 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.233026981 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.233159065 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.233194113 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.233248949 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.233249903 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.543756962 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.543785095 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.543833971 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.543927908 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.543945074 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.543977022 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.677294970 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.854072094 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.854260921 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.854366064 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.854444027 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.854511023 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:43.854526043 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:43.974174976 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.165026903 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.165174961 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.165246010 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.165326118 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.165359020 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.165465117 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.380553961 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.478096962 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.478391886 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.478420019 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.478513002 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.478545904 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.478574991 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.567924976 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.789048910 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.789108038 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.789143085 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:44.789145947 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:44.789191961 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.099375963 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.099505901 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.099678040 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.099711895 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.099746943 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.099842072 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.099842072 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.177289009 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.422904968 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.423126936 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.423161983 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.423198938 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.423213959 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.423302889 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.567956924 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.733721972 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.733757973 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.733788967 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.733867884 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.733922958 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:45.733975887 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:45.880528927 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:46.045178890 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.045241117 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.045277119 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.045289993 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:46.045447111 CET4970013592192.168.2.6154.91.65.239
      Jan 18, 2024 07:34:46.358843088 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.358880043 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.358913898 CET1359249700154.91.65.239192.168.2.6
      Jan 18, 2024 07:34:46.358937979 CET4970013592192.168.2.6154.91.65.239
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Jan 18, 2024 07:30:44.251389027 CET | 65097 | 53 | 192.168.2.6 | 1.1.1.1
      Jan 18, 2024 07:30:44.579898119 CET | 53 | 65097 | 1.1.1.1 | 192.168.2.6
      Jan 18, 2024 07:30:48.977257013 CET | 49368 | 53 | 192.168.2.6 | 1.1.1.1
      Jan 18, 2024 07:30:49.312130928 CET | 53 | 49368 | 1.1.1.1 | 192.168.2.6
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Jan 18, 2024 07:30:44.251389027 CET | 192.168.2.6 | 1.1.1.1 | 0xaa5b | Standard query (0) | bxpalxe175.top | A (IP address) | IN (0x0001) | false
      Jan 18, 2024 07:30:48.977257013 CET | 192.168.2.6 | 1.1.1.1 | 0x5f6a | Standard query (0) | whois.pconline.com.cn | A (IP address) | IN (0x0001) | false
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Jan 18, 2024 07:30:44.579898119 CET | 1.1.1.1 | 192.168.2.6 | 0xaa5b | No error (0) | bxpalxe175.top | | 154.91.65.239 | A (IP address) | IN (0x0001) | false
      Jan 18, 2024 07:30:49.312130928 CET | 1.1.1.1 | 192.168.2.6 | 0x5f6a | No error (0) | whois.pconline.com.cn | whois.pconline.com.cn.ctadns.cn | | CNAME (Canonical name) | IN (0x0001) | false
      Jan 18, 2024 07:30:49.312130928 CET | 1.1.1.1 | 192.168.2.6 | 0x5f6a | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.168 | A (IP address) | IN (0x0001) | false
      Jan 18, 2024 07:30:49.312130928 CET | 1.1.1.1 | 192.168.2.6 | 0x5f6a | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.160 | A (IP address) | IN (0x0001) | false
      Jan 18, 2024 07:30:49.312130928 CET | 1.1.1.1 | 192.168.2.6 | 0x5f6a | No error (0) | whois.pconline.com.cn.ctadns.cn | | 14.29.101.169 | A (IP address) | IN (0x0001) | false
      • whois.pconline.com.cn
      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      0 | 192.168.2.6 | 49710 | 14.29.101.160 | 80 | 4024 | C:\Program Files (x86)\msiexec.exe
      Timestamp | Bytes transferred | Direction | Data
      Jan 18, 2024 07:31:10.790766001 CET | 103 | OUT | GET /ipJson.jsp HTTP/1.1
      User-Agent: HTTPGET
      Host: whois.pconline.com.cn
      Cache-Control: no-cache
      Jan 18, 2024 07:31:11.655164003 CET | 589 | IN | HTTP/1.1 200 OK
      Server: openresty
      Date: Thu, 18 Jan 2024 06:31:11 GMT
      Content-Type: text/html; charset=GBK
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Cache-Control: no-cache
      Age: 0
      Ctl-Cache-Status: MISS from hb-wuhan9-ca05, MISS from gd-guangzhou8-ca20, MISS from gd-guangzhou8-ca19
      Request-Id: 65a8c5ae1db426b4459e8a1e55e83eb7
      Data Raw: 64 34 0d 0a 0a 0a 0a 0a 0a 69 66 28 77 69 6e 64 6f 77 2e 49 50 43 61 6c 6c 42 61 63 6b 29 20 7b 49 50 43 61 6c 6c 42 61 63 6b 28 7b 22 69 70 22 3a 22 31 35 34 2e 31 36 2e 31 39 32 2e 31 39 33 22 2c 22 70 72 6f 22 3a 22 cc a8 cd e5 ca a1 22 2c 22 70 72 6f 43 6f 64 65 22 3a 22 37 31 30 30 30 30 22 2c 22 63 69 74 79 22 3a 22 22 2c 22 63 69 74 79 43 6f 64 65 22 3a 22 30 22 2c 22 72 65 67 69 6f 6e 22 3a 22 22 2c 22 72 65 67 69 6f 6e 43 6f 64 65 22 3a 22 30 22 2c 22 61 64 64 72 22 3a 22 cc a8 cd e5 ca a1 20 cc a8 b1 b1 ca d0 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 73 22 3a 22 22 2c 22 65 72 72 22 3a 22 6e 6f 63 69 74 79 22 7d 29 3b 7d 0a 0a 0a 0a 0d 0a
      Data Ascii: d4if(window.IPCallBack) {IPCallBack({"ip":"154.16.192.193","pro":"","proCode":"710000","city":"","cityCode":"0","region":"","regionCode":"0","addr":" ","regionNames":"","err":"nocity"});}
      Jan 18, 2024 07:31:11.655203104 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0



      Target ID: 0
      Start time: 07:30:43
      Start date: 18/01/2024
      Path: C:\Users\user\Desktop\setup.exe
      Wow64 process (32bit): true
      Commandline: C:\Users\user\Desktop\setup.exe
      Imagebase: 0x400000
      File size: 397'312 bytes
      MD5 hash: 02E2A24D79187759EF56C784EE5CB655
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: true

      Target ID: 2
      Start time: 07:30:47
      Start date: 18/01/2024
      Path: C:\Program Files (x86)\msiexec.exe
      Wow64 process (32bit): true
      Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
      Imagebase: 0x540000
      File size: 59'904 bytes
      MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Antivirus matches:
      • Detection: 0%, ReversingLabs
      • Detection: 0%, Virustotal, Browse
      Reputation: moderate
      Has exited: false

      Target ID: 4
      Start time: 07:30:58
      Start date: 18/01/2024
      Path: C:\Windows\explorer.exe
      Wow64 process (32bit): false
      Commandline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
      Imagebase: 0x7ff609140000
      File size: 5'141'208 bytes
      MD5 hash: 662F4F92FDE3557E86D110526BB578D5
      Has elevated privileges: false
      Has administrator privileges: false
      Programmed in: C, C++ or other language
      Reputation: high
      Has exited: true

      Target ID: 5
      Start time: 07:30:58
      Start date: 18/01/2024
      Path: C:\Windows\explorer.exe
      Wow64 process (32bit): false
      Commandline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      Imagebase: 0x7ff609140000
      File size: 5'141'208 bytes
      MD5 hash: 662F4F92FDE3557E86D110526BB578D5
      Has elevated privileges: false
      Has administrator privileges: false
      Programmed in: C, C++ or other language
      Reputation: high
      Has exited: true

      Target ID: 6
      Start time: 07:31:00
      Start date: 18/01/2024
      Path: C:\Users\user\Documents\msedge.exe
      Wow64 process (32bit): false
      Commandline: "C:\Users\user\Documents\msedge.exe"
      Imagebase: 0x400000
      File size: 397'312 bytes
      MD5 hash: 02E2A24D79187759EF56C784EE5CB655
      Has elevated privileges: false
      Has administrator privileges: false
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: true

      Target ID: 9
      Start time: 07:31:00
      Start date: 18/01/2024
      Path: C:\Users\user\Documents\msedge.exe
      Wow64 process (32bit): true
      Commandline: "C:\Users\user\Documents\msedge.exe"
      Imagebase: 0x400000
      File size: 397'312 bytes
      MD5 hash: 02E2A24D79187759EF56C784EE5CB655
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: false

      Target ID: 11
      Start time: 07:31:04
      Start date: 18/01/2024
      Path: C:\Program Files (x86)\msiexec.exe
      Wow64 process (32bit): true
      Commandline: "C:\Program Files (x86)\msiexec.exe" -Puppet
      Imagebase: 0x540000
      File size: 59'904 bytes
      MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: moderate
      Has exited: true


        Execution Graph

        Execution Coverage:3.3%
        Dynamic/Decrypted Code Coverage:75.7%
        Signature Coverage:26%
        Total number of Nodes:304
        Total number of Limit Nodes:13

        Control-flow Graph

        [Control-flow graph, entry node 1000dd00: image not preserved. Legend: Executed / Not Executed.]
        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
        • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
        • CloseHandle.KERNEL32(00000000), ref: 1000DE51
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,76229350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,76229350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,76229350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,76229350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,76229350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,76229350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,76229350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
        • API String ID: 1580616088-3994885262
        • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
        • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        [Control-flow graph, entry node 1000de90: image not preserved. Legend: Executed / Not Executed.]
        APIs
          • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
          • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
          • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
          • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
          • Part of subcall function 10005720: FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,76229350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,76229350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,76229350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,76229350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,76229350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,76229350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,76229350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
        • API String ID: 2285828341-3151685581
        • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
        • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • OutputDebugStringA.KERNEL32(PuppetProcess1,?,?,76229350), ref: 100052DC
        • memset.MSVCR100 ref: 100052EA
        • OutputDebugStringA.KERNEL32(PuppetProcess2,?,?,76229350), ref: 10005340
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,?,76229350), ref: 10005362
        • memset.MSVCR100 ref: 1000537F
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005391
        • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,76229350), ref: 100053B4
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,?,76229350), ref: 100053D9
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100053ED
        • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,?,76229350), ref: 100053F8
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,?,76229350), ref: 10005438
        • sprintf_s.MSVCR100 ref: 10005456
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000546E
        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 10005494
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,76229350), ref: 100054A7
        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,76229350), ref: 100054B0
        • OutputDebugStringA.KERNEL32(PuppetProcess3,?,?,76229350), ref: 100054CA
        • Wow64SuspendThread.KERNEL32(?,?,?,76229350), ref: 100054D3
        • OutputDebugStringA.KERNEL32(PuppetProcess4,?,?,76229350), ref: 100054DE
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,?,76229350), ref: 100054F4
        • OutputDebugStringA.KERNEL32(PuppetProcess5,?,?,76229350), ref: 10005505
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,?,76229350), ref: 1000551C
        • OutputDebugStringA.KERNEL32(PuppetProcess6,?,?,76229350), ref: 1000552B
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,?,76229350), ref: 10005536
        • ResumeThread.KERNEL32(?,?,?,76229350), ref: 10005543
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadWow64memset$??2@AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWritesprintf_s
        • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
        • API String ID: 1861898608-3220118345
        • Opcode ID: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction ID: aded121a93d6f97706c05bd1408f558c03f80ff1c0b964637246e8f354e17e79
        • Opcode Fuzzy Hash: 4f7e9f1588dec90f0b1f1b4c8e05c59d86065ca1524845816a6566bc17ff1582
        • Instruction Fuzzy Hash: 727160F1900228AFEB15DB64CCD4EEA77BDEB48745F008199F609A7140DA71AF94CF61
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000), ref: 004011E6
        • RegCloseKey.KERNEL32(?,?,004014E9), ref: 004011F1
        • GetProcessHeap.KERNEL32(00000000,0004DA78,?,004014E9), ref: 004011FE
        • RtlAllocateHeap.NTDLL(00000000,?,004014E9), ref: 00401205
        • LoadLibraryA.KERNEL32(KERNEL32.dll,VirtualProtect,?,?,?,?,004014E9), ref: 00401240
        • GetProcAddress.KERNEL32(00000000), ref: 00401249
        • LoadLibraryA.KERNEL32(KERNEL32.dll,CreateThread,?,?,?,?,004014E9), ref: 00401257
        • GetProcAddress.KERNEL32(00000000), ref: 0040125A
        • VirtualProtect.KERNEL32(00000000,0004DA78,00000040,?,?,?,?,?,004014E9), ref: 00401269
        • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401275
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AddressHeapLibraryLoadProc$AllocateCloseCreateOpenProcessProtectThreadVirtual
        • String ID: CreateThread$HARDWARE\DESCRIPTION\System\CentralProcessor\0$KERNEL32.dll$VirtualProtect
        • API String ID: 1661605580-2886484579
        • Opcode ID: fd621e223aa46a639204fcec1802c3bbd30072bb5082b35e0b0469faa04fe73f
        • Instruction ID: 2679e9bc238f382b67392beef86e659f261f8ae13e85115305d36aaa0929dc4b
        • Opcode Fuzzy Hash: fd621e223aa46a639204fcec1802c3bbd30072bb5082b35e0b0469faa04fe73f
        • Instruction Fuzzy Hash: 061140756403047BD210A765EC4AFEB7F1CEBC9B51F11417AFA04A71C0D9B49808837D
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetProcAddress.KERNEL32(761A0000,recv), ref: 004013F5
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 00401415
        • RegQueryValueExA.KERNEL32(?,~MHz,00000000,?,?,?), ref: 00401432
        • RegCloseKey.KERNEL32(?), ref: 0040143D
        • recv.WS2_32(?,?,00002800,00000000), ref: 00401453
        • Sleep.KERNEL32(0000000A), ref: 0040147B
        • Sleep.KERNEL32(0000000A), ref: 00401483
        • Sleep.KERNEL32(0000000A), ref: 0040148B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Sleep$AddressCloseOpenProcQueryValuerecv
        • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$bxpalxe175.top$recv$~MHz
        • API String ID: 319245223-1466905328
        • Opcode ID: e3f63ef2b23a86bd8b68c0ae0447dd9697f1e757ccf12d9818a727ed3d65e479
        • Instruction ID: cbfd0d41f5c248cca52a8a6df59cf3ab801ab9a91dad2660b7d7d7a41d6431ab
        • Opcode Fuzzy Hash: e3f63ef2b23a86bd8b68c0ae0447dd9697f1e757ccf12d9818a727ed3d65e479
        • Instruction Fuzzy Hash: 1331E2762003049BD310DB65CC85EA7B7E9FBC8714F108E2EF659972E0DB78E9098B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • _mbsicmp.MSVCR100 ref: 10005768
        • Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
        • String ID: 360Tray.exe
        • API String ID: 169230292-3639442380
        • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
        • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • OutputDebugStringA.KERNEL32(dll run), ref: 1000E5EF
        • OutputDebugStringA.KERNEL32(dll run2), ref: 1000E5F6
        • GetCommandLineW.KERNEL32 ref: 1000E616
        • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
        • memset.MSVCR100 ref: 1000E63E
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
        • sprintf_s.MSVCR100 ref: 1000E714
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
        • SetFileAttributesA.KERNEL32(?,00000002), ref: 1000E742
        • CreateThread.KERNEL32(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
        • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
        • OutputDebugStringA.KERNEL32(dll run3), ref: 1000E796
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E7D1
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E815
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
        • sprintf_s.MSVCR100 ref: 1000E87B
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
        • OutputDebugStringA.KERNEL32(?), ref: 1000E8CE
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
        • FindCloseChangeNotification.KERNEL32(00000000), ref: 1000E915
        • ExitProcess.KERNEL32 ref: 1000E91D
        • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
        • _wcsicmp.MSVCR100 ref: 1000E943
        • _wcsicmp.MSVCR100 ref: 1000E974
        • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
        • sprintf_s.MSVCR100 ref: 1000EA63
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
        • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
        • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
          • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
          • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CED086A), ref: 1000DC8B
          • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(?), ref: 1000DCD4
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
        • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
        • API String ID: 3194832325-3018988614
        • Opcode ID: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
        • Opcode Fuzzy Hash: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75B4EC10), ref: 1000E3B4
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75B4EC10), ref: 1000E3C8
        • sprintf_s.MSVCR100 ref: 1000E3EC
        • sprintf_s.MSVCR100 ref: 1000E406
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
        • RegCloseKey.ADVAPI32(?), ref: 1000E469
        • RegCloseKey.ADVAPI32(?), ref: 1000E482
        • OutputDebugStringA.KERNEL32(meiyou), ref: 1000E489
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
        • RegSetValueExA.ADVAPI32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
        • RegCloseKey.ADVAPI32(?), ref: 1000E516
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
        • API String ID: 3385724880-3482547359
        • Opcode ID: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
        • Opcode Fuzzy Hash: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetProcAddress.KERNEL32(761A0000,socket), ref: 004012C8
        • socket.WS2_32(00000002,00000001,00000006), ref: 004012D0
        • GetProcAddress.KERNEL32(761A0000,htons), ref: 004012F2
        • gethostbyname.WS2_32(?), ref: 004012FB
        • GetProcAddress.KERNEL32(761A0000,connect), ref: 0040132D
        • connect.WS2_32(?,?,00000010), ref: 0040133A
        • LoadLibraryA.KERNEL32(KERNEL32.dll,ResetEvent), ref: 00401351
        • GetProcAddress.KERNEL32(00000000), ref: 00401354
        • LoadLibraryA.KERNEL32(KERNEL32.dll,WaitForSingleObject), ref: 00401366
        • GetProcAddress.KERNEL32(00000000), ref: 00401369
        • CreateThread.KERNEL32(00000000,00000000,Function_000013A0,?,00000000,00000000), ref: 00401389
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AddressProc$LibraryLoad$CreateThreadconnectgethostbynamesocket
        • String ID: KERNEL32.dll$ResetEvent$WaitForSingleObject$connect$htons$socket
        • API String ID: 2839651472-2857524910
        • Opcode ID: ed6d26fedf81f82663cb6d50ac349989548aa3f077029461258462c269fddee5
        • Instruction ID: 2f0cf2fbbfb9e9f79a0b2d435e9d64fdbdf3ab423a2cf3289e8a2f4458cffe95
        • Opcode Fuzzy Hash: ed6d26fedf81f82663cb6d50ac349989548aa3f077029461258462c269fddee5
        • Instruction Fuzzy Hash: FE21BB357503047FE210EBB9DC85F9BB7A8EB88710F108A1AF514D71D0CAB4E8448769
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • #1134.MFC42(00000000), ref: 00408C2D
        • #2621.MFC42 ref: 00408C37
        • #6117.MFC42(Local AppWizard-Generated Applications), ref: 00408C43
        • #4159.MFC42(00000000,Local AppWizard-Generated Applications), ref: 00408C4C
        • #823.MFC42(0000006C,00000000,Local AppWizard-Generated Applications), ref: 00408C53
        • #520.MFC42(00000080,0041A1D0,A,0A), ref: 00408C81
        • #986.MFC42(00000000), ref: 00408C95
        • #296.MFC42(00000000), ref: 00408C9E
        • #5214.MFC42(?,00000000), ref: 00408CB2
        • #5301.MFC42(?,?,00000000), ref: 00408CBE
        • #617.MFC42(?,?,00000000), ref: 00408CD3
        • #6215.MFC42(00000003,?,?,00000000), ref: 00408CEF
        • UpdateWindow.USER32(?), ref: 00408CFB
        • #617.MFC42 ref: 00408D0D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #617$#1134#2621#296#4159#520#5214#5301#6117#6215#823#986UpdateWindow
        • String ID: 0A$Local AppWizard-Generated Applications$A
        • API String ID: 3234569743-2732384807
        • Opcode ID: b47de4f48cf6a3eee5f98361f045724880b9a36067bd2c31a9356777d7f8c5c8
        • Instruction ID: 41bfc81942a05213f3af54d885952778efa4c17ba4b2a83e382328154276f756
        • Opcode Fuzzy Hash: b47de4f48cf6a3eee5f98361f045724880b9a36067bd2c31a9356777d7f8c5c8
        • Instruction Fuzzy Hash: C621D871245B40DBD204EB25C852BDE76E4ABC4B64F50461EF8AA833C1DBBCD481875B
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
        • RegQueryValueExA.KERNEL32(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
        • RegSetValueExA.KERNEL32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
        • RegQueryValueExA.KERNEL32(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
        • RegSetValueExA.KERNEL32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
        • RegCloseKey.KERNEL32(?,?,?), ref: 1000528B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Value$Query$CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2357964129-2174744495
        • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
        • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 292 413540-413614 #364 #384 * 2 call 409360 #2097 * 2 #2243
        APIs
        • #364.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413562
        • #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413577
        • #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413589
          • Part of subcall function 00409360: #567.MFC42 ref: 00409382
          • Part of subcall function 00409360: #540.MFC42 ref: 0040940B
          • Part of subcall function 00409360: #384.MFC42 ref: 0040943B
          • Part of subcall function 00409360: GetSysColor.USER32(00000008), ref: 00409497
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094A1
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094AB
          • Part of subcall function 00409360: GetSysColor.USER32(0000000D), ref: 004094B5
          • Part of subcall function 00409360: GetSysColor.USER32(00000003), ref: 004094BF
          • Part of subcall function 00409360: GetSysColor.USER32(0000000F), ref: 004094C9
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 004094D9
          • Part of subcall function 00409360: #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 0040950E
        • #2097.MFC42(00000086,00000010,00000000,00FF00FF), ref: 004135CC
        • #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135E1
        • #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135F1
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Color$#384$#2097#823$#2243#364#472#540#567
        • String ID: TA$Times New Roman
        • API String ID: 469616458-2591298183
        • Opcode ID: d9d03c3649ce590fc89dcb27801b24d530cb83160e0a6efb9b2fa89b70134237
        • Instruction ID: 6bf6b4aec32bb5aab79e5213497b21abca3b20ce1cabfea461c97a75bc92b734
        • Opcode Fuzzy Hash: d9d03c3649ce590fc89dcb27801b24d530cb83160e0a6efb9b2fa89b70134237
        • Instruction Fuzzy Hash: B211B670384B41EAE320DF26CC02BD6B691EB80B19F40451DF5A91A2C2DFBD64488B56
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 295 1000e530-1000e547 296 1000e550-1000e56a RegOpenKeyExA 295->296 297 1000e5ab call 1000e390 296->297 298 1000e56c-1000e586 RegQueryValueExA 296->298 302 1000e5b0-1000e5bb Sleep 297->302 299 1000e5a0-1000e5a5 RegCloseKey 298->299 300 1000e588-1000e59e RegCloseKey Sleep 298->300 299->297 300->296 302->296
        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.ADVAPI32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNEL32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
        • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 303 413280-413292 #4457 304 413338-41333e 303->304 305 413298-4132b2 #2120 303->305 305->304 306 4132b8-4132c6 #4163 305->306 306->304 307 4132c8 call 4131d0 306->307 309 4132cd-4132e7 #2117 307->309 309->304 310 4132e9-4132f9 #6000 309->310 310->304 311 4132fb-413335 #5871 #2626 #2627 #2494 310->311
        APIs
        • #4457.MFC42(?), ref: 0041328A
        • #2120.MFC42(?,50002800,0000E800,?), ref: 004132AB
        • #4163.MFC42(00000080,?,50002800,0000E800,?), ref: 004132BF
          • Part of subcall function 004131D0: #823.MFC42(0009B508), ref: 00413203
          • Part of subcall function 004131D0: Sleep.KERNEL32(000000FF,?,?,?,?,?,?,00416D0B,000000FF), ref: 00413258
        • #2117.MFC42(?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004132E0
        • #6000.MFC42(0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004132F2
        • #5871.MFC42(?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413307
        • #2626.MFC42(0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413313
        • #2627.MFC42(0000F000,0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 0041331F
        • #2494.MFC42(?,00000000,00000000,0000F000,0000F000,?,0041E5D8,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 0041332B
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2117#2120#2494#2626#2627#4163#4457#5871#6000#823Sleep
        • String ID:
        • API String ID: 3386160022-0
        • Opcode ID: 7bf9c5a97767c2c530a4c024916f85f63d621b233f27ef0a24bc1286ce95988a
        • Instruction ID: f295bb6be9f85b1e12f183ed3c3b2f06187b2ceffeed3866003ce54fc7fd5ac9
        • Opcode Fuzzy Hash: 7bf9c5a97767c2c530a4c024916f85f63d621b233f27ef0a24bc1286ce95988a
        • Instruction Fuzzy Hash: EE012631341B4072E52436364D92FFF128A4FD0725F94452FB61DAA1C2CE9C988A42AC
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 312 411870-4118bd #567 #1168 GetClassInfoA 313 411918-41192b 312->313 314 4118bf-411911 LoadCursorA #1232 312->314 314->313 315 411913 #1270 314->315 315->313
        APIs
        • #567.MFC42(?,?,00000000), ref: 00411891
        • #1168.MFC42(?,?,00000000), ref: 004118A2
        • GetClassInfoA.USER32(?,ZGfxListTip,?), ref: 004118B5
        • LoadCursorA.USER32 ref: 004118E7
        • #1232.MFC42(?,?,?,?,?,?,?,00007F00), ref: 0041190A
        • #1270.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00411913
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1168#1232#1270#567ClassCursorInfoLoad
        • String ID: ZGfxListTip
        • API String ID: 3069537701-2764869995
        • Opcode ID: c1777f902a1098fee9250ff0f01ecdb461a496c282bbc71f2766432ac85010e8
        • Instruction ID: 15696b2da03ed55e506b20e7cfda967e3baed51a129acc1d47ed1798fc33c382
        • Opcode Fuzzy Hash: c1777f902a1098fee9250ff0f01ecdb461a496c282bbc71f2766432ac85010e8
        • Instruction Fuzzy Hash: 72116DB0508341AFC300DF5AC880A9BFBE9FBC8768F50892EF45893350D7788545CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 316 68ed40-68eda1 call 68ec70 call 68ed20 LoadLibraryA
        APIs
        • LoadLibraryA.KERNEL32(?,00000000,00000072), ref: 0068ED9C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID: A$b$d$i$o$y
        • API String ID: 1029625771-4132616007
        • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction ID: bde0e622c06e93ada49c71c40f1f745025d682d723182550ffe92308aa0b6951
        • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction Fuzzy Hash: B5F0925000D3C1AEE342E76C944569BBED62FE2644F48CD8CE4D80B243D2BA965CC3B7
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.ADVAPI32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNEL32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: 79d81ec7a7a5682851e7329382d69a247a2e8e04d85c073a27eac03db7012cba
        • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
        • Opcode Fuzzy Hash: 79d81ec7a7a5682851e7329382d69a247a2e8e04d85c073a27eac03db7012cba
        • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 0068E764
        • VirtualProtect.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0068E7EA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Virtual$FreeProtect
        • String ID: $@
        • API String ID: 2581862158-1077428164
        • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction ID: e0daffe371eaf2cd6617b29042ec77e822192a0349886d295cb8f9ef74e84dbb
        • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction Fuzzy Hash: 19313AB46042019BD704EF14C554BAAB7E6BF88708F508A1CFA859B384D776E945CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcAddress.KERNEL32(761A0000,send), ref: 0040119E
        • send.WS2_32(?,?,?,00000000), ref: 004011B4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AddressProcsend
        • String ID: send
        • API String ID: 1302106133-2809346765
        • Opcode ID: dd4d1ec5734af78126993d77e5fb99673a833ad70eb665c3cfdb48b2a7fc35be
        • Instruction ID: 6381d367b2c4554388d4b73205bbc2dab7d74f2c368bcd2ef79596ef076c0f3a
        • Opcode Fuzzy Hash: dd4d1ec5734af78126993d77e5fb99673a833ad70eb665c3cfdb48b2a7fc35be
        • Instruction Fuzzy Hash: EED0127A305200ABE318DB66DC44ED77BAEEBC8710F04C51DB945832D4CA74E844C768
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction ID: 78e31464fd41d289da48a17100e00b339f5538a6c53e6e48411bbfe9627cdbb9
        • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction Fuzzy Hash: 8141E8B67012009FE714EF68EC85FAB73E9EF84762F104669FA05C6341EB72D8018761
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1576.MFC42(?,?,?,ZYA,0041595A,00000000,?,0000000A), ref: 004159C8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1576
        • String ID: ZYA
        • API String ID: 1976119259-4106806639
        • Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
        • Instruction ID: 9d703d587375390fe7fea74c160f8a321344abee2d7b3bbee650e2075630bda3
        • Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
        • Instruction Fuzzy Hash: 07B00836158786ABCB42EF91984196ABAA2BFD8344F484D1DB2A15007187668468AB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #823.MFC42(0009B508), ref: 00413203
        • Sleep.KERNEL32(000000FF,?,?,?,?,?,?,00416D0B,000000FF), ref: 00413258
          • Part of subcall function 004010B0: WSAStartup.WS2_32(00000202,?), ref: 004010D6
          • Part of subcall function 004010B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010E3
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #823CreateEventSleepStartup
        • String ID:
        • API String ID: 121733085-0
        • Opcode ID: 7c8789302a3c0d93403c65dc84304f210102f3bee422103436218015d51fa74c
        • Instruction ID: 951f16532e199231ebab9ac9f8d28e0367e422fa5253b9f327ab345445f371ea
        • Opcode Fuzzy Hash: 7c8789302a3c0d93403c65dc84304f210102f3bee422103436218015d51fa74c
        • Instruction Fuzzy Hash: A5014935208791ABC310EF28EC0179B7BD09B88B60F008A2EF865933D0E73CC944879B
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAStartup.WS2_32(00000202,?), ref: 004010D6
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004010E3
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: CreateEventStartup
        • String ID:
        • API String ID: 1546077022-0
        • Opcode ID: 9f108eaa24a943d3b26366c6729755770e8754957be2a9a4998c2e3dd4bcd72f
        • Instruction ID: 982ec534c095686b53de404c0ccf739faa66623e5b7f07849cba924032326677
        • Opcode Fuzzy Hash: 9f108eaa24a943d3b26366c6729755770e8754957be2a9a4998c2e3dd4bcd72f
        • Instruction Fuzzy Hash: E2F01C71600700AFD330AF1ADC09AA3FBE9EBC9710F40892EA5A9862A0DBB455498B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #823.MFC42(000002E8,?,?,00416D4A,000000FF), ref: 004134BB
          • Part of subcall function 00413540: #364.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413562
          • Part of subcall function 00413540: #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413577
          • Part of subcall function 00413540: #384.MFC42(00000065,?,?,?,?,00000000,00000000,00416DA0,000000FF,004134DA,?,?,?,?,000000FF), ref: 00413589
          • Part of subcall function 00413540: #2097.MFC42(00000086,00000010,00000000,00FF00FF), ref: 004135CC
          • Part of subcall function 00413540: #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135E1
          • Part of subcall function 00413540: #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF), ref: 004135F1
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2097#384$#2243#364#823
        • String ID:
        • API String ID: 936483311-0
        • Opcode ID: c0f4b8d3fe29d1972ce87b6c98b368f565427947027bac4c3d19d34c5f8d52da
        • Instruction ID: 8931584f3fedf0c81029ba159ef4a808fc4357441ee27ffabda8fe5ca8568ece
        • Opcode Fuzzy Hash: c0f4b8d3fe29d1972ce87b6c98b368f565427947027bac4c3d19d34c5f8d52da
        • Instruction Fuzzy Hash: 7FE065B1644A80EBE755DF19C90275676D0F784F10F448A2DE41987BC0E73CC800CA02
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,00000000,00000000,00000000,?,0068EA9C,?,?,00000000,?,?,?), ref: 0068E6C1
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction ID: eb3fac5ddfcb5fb6a5d0ec35fdb3e84c3bd2e786de010e7dd5ba17b17b2cad8f
        • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction Fuzzy Hash: 792138B1600201AFE314DF18C885B56F3EAFF98305F15892DF98587341E7B2A8958BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(NTDLL,408982D5), ref: 100069D5
        • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
        • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
        • memset.MSVCR100 ref: 10006A10
        • memset.MSVCR100 ref: 10006A22
        • gethostname.WS2_32(?,00000100), ref: 10006A36
        • gethostbyname.WS2_32(?), ref: 10006A43
        • inet_ntoa.WS2_32 ref: 10006A5B
        • strcat_s.MSVCR100 ref: 10006A74
        • strcat_s.MSVCR100 ref: 10006A8A
        • inet_ntoa.WS2_32 ref: 10006AAA
        • strcat_s.MSVCR100 ref: 10006ABD
        • strcat_s.MSVCR100 ref: 10006AD7
        • inet_addr.WS2_32(?), ref: 10006AF5
        • wsprintfA.USER32 ref: 10006B2E
        • OutputDebugStringA.KERNEL32(?), ref: 10006B45
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
        • strncpy.MSVCR100 ref: 10006E6B
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
        • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
        • strncpy.MSVCR100 ref: 1000713E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
        • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
        • RegQueryValueExA.ADVAPI32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
        • wsprintfA.USER32 ref: 10007204
        • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
        • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
        • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
        • wsprintfA.USER32 ref: 100072AD
        • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
        • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
        • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
        • API String ID: 941699131-3408092411
        • Opcode ID: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction ID: 5937c9bef880f8db1bb605a9ff32026a22730c05f7b93559c92fa2109faa8b67
        • Opcode Fuzzy Hash: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction Fuzzy Hash: 446256B1D012699FEB25DF28CC84A9DB7B5FB48340F4185E9E54DA7242DB70AE84CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 0040E8B2
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E8BF
        • #1669.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E8C7
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040E903
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E91A
        • #940.MFC42(0000000A,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E962
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E975
        • #940.MFC42(00000009,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E999
        • #939.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E9A7
        • #800.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040E9B5
        • SendMessageA.USER32(?,0000100C,00000000,00000002), ref: 0040E9CF
        • #940.MFC42(0000000A,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA1E
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA31
        • #940.MFC42(00000009,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA55
        • #939.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA63
        • #800.MFC42(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EA71
        • OpenClipboard.USER32(?), ref: 0040EAC3
        • EmptyClipboard.USER32 ref: 0040EAD1
        • GlobalAlloc.KERNEL32(00002000,?,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EAE5
        • GlobalLock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EAEE
        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB18
        • SetClipboardData.USER32(00000001,00000000), ref: 0040EB21
        • CloseClipboard.USER32 ref: 0040EB27
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB32
        • #2652.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB3A
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB4B
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB59
        • #2652.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB61
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416830,000000FF), ref: 0040EB72
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800#940ClipboardMessageSend$#1168#540Global$#2652#939$#1669#3092AllocCloseDataEmptyLockOpenUnlock
        • String ID:
        • API String ID: 1039448640-0
        • Opcode ID: 0f50c8c2dd885ae94c16666faa6998e2184c80d26dfc415f8c60c3a987b6d0af
        • Instruction ID: 1c919ba216b2d915e319fefec73e344e30313ada7e1a60fca40d4dcf104441a7
        • Opcode Fuzzy Hash: 0f50c8c2dd885ae94c16666faa6998e2184c80d26dfc415f8c60c3a987b6d0af
        • Instruction Fuzzy Hash: 788108312043419BC310DF268851BEB7BD4AF99714F144A2EF8D9A73D2DB38D849C76A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 00695558
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 0069557D
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00695591
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 006955DC
        • CopyFileA.KERNEL32(?,?,00000000), ref: 00695612
        • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 00695677
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 00695698
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 006956C0
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 006956DA
        • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 006956E7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
        • String ID: D$\msiexec.exe
        • API String ID: 3303475852-2685333904
        • Opcode ID: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction ID: 84f1806b1d6278ae54ecfb4560a691da84a7e0dfdd20fe3765ef12a1cd51b931
        • Opcode Fuzzy Hash: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction Fuzzy Hash: 5A7150F1900228AFEB25DB64CCD5EEA77BDEB48704F00819AF60997251DA709F94CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1146.MFC42(?,000000F1,?,769A3E40), ref: 004129FE
        • FindResourceA.KERNEL32(00000000,?,000000F1), ref: 00412A19
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1146FindResource
        • String ID:
        • API String ID: 2445269050-0
        • Opcode ID: b8f13c08bba0a10ae45269dd9b5ca3d55156f1fc17a7359007acff283fc02bb1
        • Instruction ID: 9f9dd393ad86eddf9874923014d0270925be10493dfa3e23ceb1e05e69bb8b86
        • Opcode Fuzzy Hash: b8f13c08bba0a10ae45269dd9b5ca3d55156f1fc17a7359007acff283fc02bb1
        • Instruction Fuzzy Hash: A241C2B5104701ABC714EF25DD85AFBB7A9FB88704F10492EF456C3640DB78E88A8B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 10010108
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010115
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001011D
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 10010128
        • _crt_debugger_hook.MSVCR100(00000001), ref: 10010139
        • GetCurrentProcess.KERNEL32(C0000409), ref: 10010144
        • TerminateProcess.KERNEL32(00000000), ref: 1001014B
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 3369434319-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: 3dd05fdeb98c840c3ac9c3c292ea311adfb4bbb0d0e4fad1bae5c61b1b3eb1b5
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: 3521DDB8902A24DFF701DF65CDC56443BB6FB1C344F52801AE5088B26AE7B1E980CF09
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 006A02AC
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006A02C1
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 006A02CC
        • GetCurrentProcess.KERNEL32(C0000409), ref: 006A02E8
        • TerminateProcess.KERNEL32(00000000), ref: 006A02EF
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 2579439406-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: 9a47d046e751c7f6fba24edb048225af1123df68d4bd28f757ded3179457943f
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: 3321BAB8802624DFF701DF65DDC96443BBABB1C349F51811AE90887366E7B1D981CF09
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID:
        • String ID: [RO] %ld bytes
        • API String ID: 0-772938740
        • Opcode ID: b6221db8eead90e0c2159f5ab0465850424e783d64b13b324de330d7ded45b2f
        • Instruction ID: 7322f5e5fa6b3b035b878dfe40991121234928e9520a60201d928a8209d78fd8
        • Opcode Fuzzy Hash: b6221db8eead90e0c2159f5ab0465850424e783d64b13b324de330d7ded45b2f
        • Instruction Fuzzy Hash: 312227B4A00B06CFDB64CF69C584A9ABBF1FF48344F20896DD85A97759D730E981CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10005809
        • ExitWindowsEx.USER32(?,00000000), ref: 100059F9
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ExchangeExitInterlockedWindows
        • String ID:
        • API String ID: 1543309128-0
        • Opcode ID: a3083d37ad37cc6b66fb216004716209a6c85477102b363bb14ba9b111caafcf
        • Instruction ID: e1ee78ba3e4ffb03c5e6a66d01acadce76c954ec158e6bdd089fc7101dc522f3
        • Opcode Fuzzy Hash: a3083d37ad37cc6b66fb216004716209a6c85477102b363bb14ba9b111caafcf
        • Instruction Fuzzy Hash: BD51FA36214A4587D260EF18E4114BBF36AFBD83A3BC0437BEC4943A89DF227465D6E1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 006957B4: LoadLibraryA.KERNEL32(?), ref: 006957EA
          • Part of subcall function 006957B4: GetCurrentProcess.KERNEL32(00000028,?), ref: 0069581F
        • ExitWindowsEx.USER32(?,00000000), ref: 00695B9D
          • Part of subcall function 006957B4: LoadLibraryA.KERNEL32(10012638), ref: 00695877
          • Part of subcall function 006957B4: CloseHandle.KERNEL32(?), ref: 00695896
          • Part of subcall function 006957B4: FreeLibrary.KERNEL32(00000000), ref: 006958A1
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Library$Load$CloseCurrentExitFreeHandleProcessWindows
        • String ID:
        • API String ID: 1803421334-0
        • Opcode ID: ede6d1776a155531ff32603fce61452d8a7694d66da748cae06978486bfb8998
        • Instruction ID: 46cae7c03f7036c4f38d399e8a89d3e9f5e1906c13da6c3baaaa354620e289bd
        • Opcode Fuzzy Hash: ede6d1776a155531ff32603fce61452d8a7694d66da748cae06978486bfb8998
        • Instruction Fuzzy Hash: 5AC0C03230242091C30133B41C0236DB30F8F44301F00421FFC434D5C14C26402043D8
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: b6221db8eead90e0c2159f5ab0465850424e783d64b13b324de330d7ded45b2f
        • Instruction ID: 6d26cb6e6552927d761866104043d7aa622f1ee500f6c25619f12389cf4f4fc3
        • Opcode Fuzzy Hash: b6221db8eead90e0c2159f5ab0465850424e783d64b13b324de330d7ded45b2f
        • Instruction Fuzzy Hash: 94223A74A00B06DFDB24CF69C590AAABBF6FF48304F24855DD85A97B55D730E881CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42(0041E8F0,?,00000000), ref: 00403F07
        • #1779.MFC42(000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F23
        • #1779.MFC42(000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F31
        • #1779.MFC42(000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F3F
        • #289.MFC42(?,000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041E8F0,?,00000000), ref: 00403F49
        • #537.MFC42 ref: 00403F5F
        • GetTextExtentPoint32A.GDI32(000003FD,?,?,?), ref: 00403F77
        • #800.MFC42 ref: 00403F81
        • #860.MFC42(?), ref: 00403FDB
        • #860.MFC42(0041E8F0,?), ref: 00403FEB
        • #3092.MFC42(000003F9,0041E8F0,?), ref: 00403FF7
        • #4123.MFC42(000003F9,0041E8F0,?), ref: 00403FFE
        • #3092.MFC42(000003F9,00000000,000003F9,0041E8F0,?), ref: 00404010
        • #2642.MFC42(000003F9,00000000,000003F9,0041E8F0,?), ref: 00404017
        • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404032
        • SendMessageA.USER32(?,00000143,00000000,Image), ref: 00404047
        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404058
        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040406A
        • #1779.MFC42(000003FC,00000001), ref: 00404075
        • #3092.MFC42(000003FB,000003FC,00000001), ref: 00404081
        • #4123.MFC42(000003FB,000003FC,00000001), ref: 00404088
        • #3092.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 0040409A
        • #2642.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 004040A1
        • #3092.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004040AD
        • #4123.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004040B4
        • #3092.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004040C6
        • #2642.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004040CD
        • #3092.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040D9
        • #4123.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040E0
        • #3092.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040F2
        • #2642.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 004040F9
        • #3092.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404105
        • #4123.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 0040410C
        • #3092.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404122
        • #2642.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404129
        • #860.MFC42(?), ref: 0040413D
        • #3092.MFC42(000003F9,?), ref: 00404149
        • #4123.MFC42(000003F9,?), ref: 00404150
        • #3092.MFC42(000003F9,00000001,000003F9,?), ref: 00404162
        • #2642.MFC42(000003F9,00000001,000003F9,?), ref: 00404169
        • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404184
        • SendMessageA.USER32(?,00000143,00000000,Text), ref: 00404199
        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004041AA
        • SendMessageA.USER32(?,00000143,00000000,Numeric), ref: 004041BF
        • SendMessageA.USER32(?,00000151,00000000,00000008), ref: 004041D0
        • SendMessageA.USER32(?,00000143,00000000,Valute), ref: 004041E5
        • SendMessageA.USER32(?,00000151,00000000,00000010), ref: 004041F6
        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040423E
        • #860.MFC42(Edit), ref: 00404268
        • #3092.MFC42(000003FC), ref: 00404274
        • #4123.MFC42(000003FC), ref: 0040427B
        • #3092.MFC42(000003FC,00000001,000003FC), ref: 0040428D
        • #2642.MFC42(000003FC,00000001,000003FC), ref: 00404294
        • #3092.MFC42(000003FB,000003FC), ref: 004042A0
        • #4123.MFC42(000003FB,000003FC), ref: 004042A7
        • #613.MFC42(000003FD,00000001,000003FA,000003FD,000003FB,000003FC), ref: 0040435A
        • #6334.MFC42(00000000,0041E8F0,?,00000000), ref: 00404365
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3092$MessageSend$#4123$#2642$#860$#1779$#289#537#613#6334#800ExtentPoint32Text
        • String ID: AbCdEfGhIj MnOpQrStUvWxYz$Drop down list$Drop list$Edit$Image$Numeric$Text$Valute
        • API String ID: 285005041-2212831474
        • Opcode ID: 8934bc6bbe0fa0a6096075f66ae0a1692b1eea90771ffee815efb275327422ec
        • Instruction ID: 39fd9fe3a332895facbb5041ab076138fb4710014454dede51c1c4bb095e820a
        • Opcode Fuzzy Hash: 8934bc6bbe0fa0a6096075f66ae0a1692b1eea90771ffee815efb275327422ec
        • Instruction Fuzzy Hash: 3BB194707C0705B7DA15B6758C53FEF629AABC4B08F10442EB7966F2C1DEACA981834D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800$#1168#3521$#2818#540$#823#825
        • String ID: ColDef_align_%d$ColDef_descr_%d$ColDef_dwdata_%d$ColDef_id_%d$ColDef_image_%d$ColDef_text_%d$ColDef_textdt_%d$ColDef_width_%d$DefColId %d$DefNum$GfxLists\%s$NumDef
        • API String ID: 1075447880-987619563
        • Opcode ID: cfaf7c08f7831fb750f12e19b72b3a67a14b89d8f55f58651e4972c85e170cb4
        • Instruction ID: 7d5c9dde53b6fb8f7376ba9dac019bff753d84439bb021144b4858278af3f2b1
        • Opcode Fuzzy Hash: cfaf7c08f7831fb750f12e19b72b3a67a14b89d8f55f58651e4972c85e170cb4
        • Instruction Fuzzy Hash: E7D196B56043419FC314EF66C885E5BB3E5AFD8718F00891DF85947392DB38E88ACB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00402AE1
        • #540.MFC42 ref: 00402AF0
        • #2818.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402B09
        • #1168.MFC42 ref: 00402B11
        • #6402.MFC42(?,NumDef,?), ref: 00402B29
        • #2818.MFC42(00000000,DefColId %d,00000000,?,NumDef,?), ref: 00402B42
        • #1168.MFC42(?,NumDef,?), ref: 00402B4A
        • #6402.MFC42(?,?,?,?,NumDef,?), ref: 00402B65
        • #1168.MFC42(?,NumDef,?), ref: 00402B72
        • #6402.MFC42(?,DefNum,?,?,NumDef,?), ref: 00402B8A
        • #2818.MFC42(?,ColDef_id_%d,00000000,?,?,DefNum,?,?,NumDef,?), ref: 00402BA8
        • #1168.MFC42(?,NumDef,?), ref: 00402BB0
        • #6402.MFC42(?,?,?,?,NumDef,?), ref: 00402BCC
        • #2818.MFC42(?,ColDef_align_%d,00000000,?,?,?,?,NumDef,?), ref: 00402BDC
        • #1168.MFC42(?,?,?,?,NumDef,?), ref: 00402BE4
        • #6402.MFC42(?,?,?,?,?,?,?,NumDef,?), ref: 00402C00
        • #2818.MFC42(?,ColDef_width_%d,00000000,?,?,?,?,?,?,?,NumDef,?), ref: 00402C10
        • #1168.MFC42(?,?,?,?,?,?,?,NumDef,?), ref: 00402C18
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C34
        • #2818.MFC42(?,ColDef_image_%d,00000000,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C44
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C4C
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C68
        • #2818.MFC42(?,ColDef_dwdata_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402C78
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,NumDef,?), ref: 00402C80
        • #6402.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402C9C
        • #2818.MFC42(?,ColDef_text_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CAC
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CC6
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CDB
        • #2818.MFC42(?,ColDef_textdt_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402CEB
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D05
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D1A
        • #2818.MFC42(?,ColDef_descr_%d,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D2A
        • #1168.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D44
        • #6403.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D59
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402D77
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415AB0,000000FF), ref: 00402D88
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1168$#2818$#6402$#6403$#540#800
        • String ID: ColDef_align_%d$ColDef_descr_%d$ColDef_dwdata_%d$ColDef_id_%d$ColDef_image_%d$ColDef_text_%d$ColDef_textdt_%d$ColDef_width_%d$DefColId %d$DefNum$GfxLists\%s$NumDef
        • API String ID: 3223794608-987619563
        • Opcode ID: b21316a51268c7347b62c2b8e1f205a039cf426ad8cd0ac8d612c1b753fbb837
        • Instruction ID: 2462b9f26de250466d4c50a8025270bf5cb1097192f8165e5ac676531e417bd2
        • Opcode Fuzzy Hash: b21316a51268c7347b62c2b8e1f205a039cf426ad8cd0ac8d612c1b753fbb837
        • Instruction Fuzzy Hash: 1A8185B56043019FC714EF66D885D9BB3E5EFC8708F10891EF95987381DA38EC468B6A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #323.MFC42 ref: 00404AE5
        • #1640.MFC42(?), ref: 00404B02
        • CopyRect.USER32(?,?), ref: 00404B14
        • #5736.MFC42 ref: 00404B1E
        • CreateRectRgnIndirect.GDI32(?), ref: 00404B40
        • #1641.MFC42(00000000), ref: 00404B4B
        • #5786.MFC42(00418EF8,00000000), ref: 00404B59
        • #2414.MFC42(00418EF8,00000000), ref: 00404B62
        • GetSysColor.USER32(0000000F), ref: 00404B69
        • #2754.MFC42(?,00000000), ref: 00404B79
        • GetTextExtentPoint32A.GDI32(?,0041E4C4,00000001,?), ref: 00404B8F
        • SendMessageA.USER32(?,00001203,?,?), ref: 00404BCC
        • #537.MFC42(0041E8F4), ref: 00404C32
        • #5710.MFC42(?,00000001,0041E8F4), ref: 00404C55
        • #800.MFC42(?,?,00000001,0041E8F4), ref: 00404C95
        • atoi.MSVCRT ref: 00404CAB
        • ImageList_GetImageInfo.COMCTL32(?,00000000,?), ref: 00404CC6
        • CopyRect.USER32(?,?), ref: 00404CE1
        • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000001), ref: 00404D4E
        • CopyRect.USER32(?,?), ref: 00404D89
        • GetSysColor.USER32(00000014), ref: 00404D97
        • #472.MFC42(00000000,00000001,00000000), ref: 00404DA2
        • GetSysColor.USER32(00000010), ref: 00404DB1
        • #472.MFC42(00000000,00000001,00000000), ref: 00404DBC
        • #5788.MFC42(00008924,00000000,00000001,00000000), ref: 00404DD2
        • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 00404DFD
        • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E1C
        • #4133.MFC42(?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E40
        • #4297.MFC42(?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E5E
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404E6C
        • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 00404EF4
        • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F10
        • #4297.MFC42(?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F30
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F3E
        • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00404F58
        • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001), ref: 00404F69
        • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404F77
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404F91
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00404FAE
        • GetStockObject.GDI32(00000000), ref: 00404FD5
        • #2860.MFC42(00000000), ref: 00404FDC
        • SelectObject.GDI32(?,?), ref: 00404FF6
        • CopyRect.USER32(?,?), ref: 00405004
        • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0040502C
        • SelectObject.GDI32(?,00000000), ref: 0040503C
        • #5678.MFC42(?,0041E8F4), ref: 00405047
        • #2450.MFC42(?,0041E8F4), ref: 00405050
        • #800.MFC42(?,0041E8F4), ref: 00405061
        • #2414.MFC42(?,0041E8F4), ref: 0040507A
        • #640.MFC42(?,0041E8F4), ref: 00405096
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #4133Rect$#2414#4297#5788Copy$ColorImageObject$#472#800List_Select$#1640#1641#2450#2754#2860#323#537#5678#5710#5736#5786#640CreateDrawExtentIndirectInfoMessagePoint32SendStockTextatoi
        • String ID:
        • API String ID: 412523226-0
        • Opcode ID: bc0113e2abf1fc6b0eebd09490625daf28f311cb1523731e2a29a657ca89ff17
        • Instruction ID: 039a790d01d9a3f6ed46229a5f86c2c09cdd15c3c79520a1596a1775aaf635d3
        • Opcode Fuzzy Hash: bc0113e2abf1fc6b0eebd09490625daf28f311cb1523731e2a29a657ca89ff17
        • Instruction Fuzzy Hash: 6D026A71208341AFD714DF68C984EABBBE9FBC8704F048A1EF59593290DB74E909CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 004052BC
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405301
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405331
        • GetClientRect.USER32(?,?), ref: 00405350
        • InvalidateRect.USER32(?,?,00000001), ref: 00405360
        • #289.MFC42 ref: 0040536B
        • #283.MFC42(000000FF), ref: 00405384
        • #5788.MFC42(?,000000FF), ref: 0040539A
        • #472.MFC42(00000000,00000001,000000FF,?,000000FF), ref: 004053AE
        • #5788.MFC42(?,00000000,00000001,000000FF,?,000000FF), ref: 004053C4
        • Polygon.GDI32(?,?,00000003), ref: 00405405
        • #5788.MFC42(00000000), ref: 00405429
        • #5788.MFC42(?,00000000), ref: 00405437
        • #2414.MFC42(?,00000000), ref: 00405451
        • #2414.MFC42(?,00000000), ref: 0040546F
        • #613.MFC42(?,00000000), ref: 00405487
        • GetParent.USER32(?), ref: 0040549D
        • #2864.MFC42(00000000), ref: 004054A0
        • #289.MFC42(00000000,00000000), ref: 004054AA
        • ClientToScreen.USER32(?,?), ref: 004054D2
        • GetParent.USER32(?), ref: 004054DC
        • #2864.MFC42(00000000), ref: 004054DF
        • ScreenToClient.USER32(?,?), ref: 004054ED
        • IsRectEmpty.USER32 ref: 00405564
        • #2571.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 0040558F
        • #613.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 004055BE
        • SetCapture.USER32(?), ref: 004055E5
        • #2864.MFC42(00000000), ref: 004055EC
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405604
        • #823.MFC42 ref: 00405610
        • SendMessageA.USER32 ref: 00405638
        • SendMessageA.USER32(?,00001204,00000000,?), ref: 00405674
        • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 0040568A
        • InvalidateRect.USER32(?,00000000,00000001,?), ref: 004056A3
        Similarity
        • API ID: MessageRectSend$#5788$#2864Client$#2414#289#613InvalidateParentScreen$#2379#2571#283#472#823CaptureEmptyPolygon
        • String ID:
        • API String ID: 1922829686-0
        • Opcode ID: 4a6f40e4aa702489a68b085a0504b3d59237b84a2a18cdf0e9c50b9a173c424d
        • Instruction ID: 82df2853a0fb180429eb182a71e8357b81a832085c108d44d6679048a24b17b2
        • Opcode Fuzzy Hash: 4a6f40e4aa702489a68b085a0504b3d59237b84a2a18cdf0e9c50b9a173c424d
        • Instruction Fuzzy Hash: 4AC17A71604B459FD324DF69C885BABBBE4FF88304F008A2DB59A83391DB74A805CF56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetClientRect.USER32(?,?), ref: 00406287
        • GetParent.USER32(?), ref: 00406291
        • #2864.MFC42(00000000), ref: 00406298
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 004062AD
        • #2860.MFC42(00000000), ref: 004062B0
        • #289.MFC42(?,00000000), ref: 004062C0
        • #5788.MFC42 ref: 004062D2
        • #537.MFC42(0041E4C8), ref: 004062E2
        • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 004062FA
        • #800.MFC42 ref: 00406304
        • #5788.MFC42(00000000), ref: 00406315
        • SetRect.USER32(?,?,?,?,00000064), ref: 00406354
        • #613.MFC42 ref: 00406366
        • PtInRect.USER32(?,?,?), ref: 0040639D
        • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 004063C9
        • #6605.MFC42(?), ref: 004063DB
        • GetParent.USER32(?), ref: 004063EA
        • #2864.MFC42(00000000), ref: 004063ED
        • #6880.MFC42(?,00000000), ref: 004063F9
        • GetParent.USER32(?), ref: 00406402
        • #2864.MFC42(00000000), ref: 00406405
        • #3089.MFC42(00000000), ref: 0040640E
        • #2099.MFC42(50A00002,?,00000000,-00000002,00000000), ref: 00406424
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 0040644E
        • SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 00406469
        • #6197.MFC42(6D18A098,00000000,00000000,?,?,00000002), ref: 00406496
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004064B2
        • #540.MFC42 ref: 004064B8
        • #3874.MFC42(?), ref: 004064E1
        • SendMessageA.USER32(?,000001A2,000000FF,?), ref: 004064F9
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 0040650A
        • #5981.MFC42 ref: 0040650E
        • #800.MFC42 ref: 0040651F
        • #2379.MFC42 ref: 00406545
        Similarity
        • API ID: Message$Send$#2864ParentRect$#5788#800$#2099#2379#2860#289#3089#3874#537#540#5981#613#6197#6605#6880ClientExtentPoint32PostText
        • String ID:
        • API String ID: 1027999965-0
        • Opcode ID: 313321117aebee223969b496d5ebba19a55e489b701f427e37adae4f4a9be89a
        • Instruction ID: 7cbf6be3131d2d9ecf6352c379953d8a8d3df86d32612ec5467f061301b8da4e
        • Opcode Fuzzy Hash: 313321117aebee223969b496d5ebba19a55e489b701f427e37adae4f4a9be89a
        • Instruction Fuzzy Hash: 5D919C72204700AFD624DB65CD81FABB3E9EBC8B04F004A1DB5969B3C1DB78E805CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Similarity
        • API ID: #540#800$#1168Global$#1669#2652#2864#3157#3286#4294#5981#858#941AllocFocusFreeInvalidateMessageRectSend
        • String ID: DESC
        • API String ID: 3098961414-461850341
        • Opcode ID: 9fc9eee4e1c60844eda0d9a80670611ff6bb75f38e61ee648d43a4148bf46867
        • Instruction ID: 82293ead447ef0fa43aef4f343148aa742e70ef23db83f72eaefa16cffdeaec8
        • Opcode Fuzzy Hash: 9fc9eee4e1c60844eda0d9a80670611ff6bb75f38e61ee648d43a4148bf46867
        • Instruction Fuzzy Hash: 5481D2302047819BD324EB75C851BEBBBE4AFD5308F00482EF59A577D2DB78A849C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004037AB
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004037C7
        • #3092.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004037D8
        • #4123.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004037DF
        • #3092.MFC42(000003F3,00000001,000003F3,?,00000000,00403425,00000001), ref: 004037F1
        • #2642.MFC42(000003F3,00000001,000003F3,?,00000000,00403425,00000001), ref: 004037F8
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403813
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403827
        • #3092.MFC42(000003F5,00000000,00403425,00000001), ref: 00403836
        • #4123.MFC42(000003F5,00000000,00403425,00000001), ref: 0040383D
        • #3092.MFC42(000003F5,00000000,000003F5,00000000,00403425,00000001), ref: 0040384E
        • #2642.MFC42(000003F5,00000000,000003F5,00000000,00403425,00000001), ref: 00403855
        • #3092.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403863
        • #4123.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040386A
        • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040387C
        • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403883
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040389D
        • #3092.MFC42(000003F4,?,00000000,00403425,00000001), ref: 004038AA
        • #4123.MFC42(000003F4,?,00000000,00403425,00000001), ref: 004038B1
        • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 004038CC
        • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 004038D3
        • #3092.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004038E9
        • #4123.MFC42(000003F3,?,00000000,00403425,00000001), ref: 004038F0
        • #3092.MFC42(000003F3,00000000,000003F3,?,00000000,00403425,00000001), ref: 00403902
        • #2642.MFC42(000003F3,00000000,000003F3,?,00000000,00403425,00000001), ref: 00403909
        • #3092.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040391A
        • #4123.MFC42(000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403921
        • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403933
        • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040393A
        • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403946
        • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040394D
        • #3092.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 0040395F
        • #2642.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403425,00000001), ref: 00403966
        Similarity
        • API ID: #3092$#4123$#2642$MessageSend
        • String ID:
        • API String ID: 3525747040-0
        • Opcode ID: 35fde5e54a4ff82f5fbc2139ecfb3dae29db83457f47ebb12d677ebae8b7e11a
        • Instruction ID: 17f5285e64e12323a33fd4f0a7c7dbe1b8949c21e6d85a8237c4c60d142ee7ee
        • Opcode Fuzzy Hash: 35fde5e54a4ff82f5fbc2139ecfb3dae29db83457f47ebb12d677ebae8b7e11a
        • Instruction Fuzzy Hash: 24410D31BC0B4272ED1636760D26BBF158E5BC1B19F11043EB742AF2C1EDACAB81428D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4837.MFC42(?,?,?), ref: 0040ECAB
        • GetFocus.USER32 ref: 0040ECFB
        • #2864.MFC42(00000000), ref: 0040ED02
        • #5981.MFC42(00000000), ref: 0040ED0D
        • GetMessagePos.USER32 ref: 0040ED39
        • #3092.MFC42(00000000), ref: 0040ED5C
        • ScreenToClient.USER32(?,?), ref: 0040ED6C
        • SendMessageA.USER32(?,00001207,00000000,?), ref: 0040ED93
        • PtInRect.USER32(?,?,?), ref: 0040EDA8
        • SendMessageA.USER32(?,00001207,00000001,?), ref: 0040EDC2
        • CreatePopupMenu.USER32 ref: 0040EDE4
        • #1644.MFC42(00000000), ref: 0040EDEF
        • AppendMenuA.USER32(?,00000000,00008023,Sort ascending), ref: 0040EE0B
        • AppendMenuA.USER32(?,00000000,00008024,Sort descending), ref: 0040EE1E
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 0040EE2E
        • AppendMenuA.USER32(?,00000000,00008022,Customize header), ref: 0040EE41
        • AppendMenuA.USER32(?,00000000,00008021,Header format), ref: 0040EE54
        • #6270.MFC42(00000002,?,?,?,00000000,?,?,?,00000081), ref: 0040EE94
        • #2438.MFC42(00000002,?,?,?,00000000,?,?,?,00000081), ref: 0040EE9D
        • GetClientRect.USER32(?,?), ref: 0040EED7
        • GetMessagePos.USER32 ref: 0040EEDD
        • ScreenToClient.USER32(?,?), ref: 0040EEFD
        • InvalidateRect.USER32(?,?,00000001), ref: 0040EF16
        Strings
        Similarity
        • API ID: Menu$Append$Message$ClientRect$ScreenSend$#1644#2438#2864#3092#4837#5981#6270CreateFocusInvalidatePopup
        • String ID: Customize header$Header format$Sort ascending$Sort descending
        • API String ID: 3140647289-3541644344
        • Opcode ID: 3ab752fe8da68388f122791de50860eb8ce432f3ad47a37ce578f96632b7ae86
        • Instruction ID: b096fa76e7861574b6a60656225eaf612cc80b02b7834a888e6a8a651076e704
        • Opcode Fuzzy Hash: 3ab752fe8da68388f122791de50860eb8ce432f3ad47a37ce578f96632b7ae86
        • Instruction Fuzzy Hash: 97817F71204301ABD224DF25CC85FABB7A8FFC4714F508A2EB595972D0DB78E845CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #567.MFC42 ref: 00409382
          • Part of subcall function 00404940: #567.MFC42 ref: 00404943
        • #540.MFC42 ref: 0040940B
        • #384.MFC42 ref: 0040943B
          • Part of subcall function 00411870: #567.MFC42(?,?,00000000), ref: 00411891
          • Part of subcall function 00411870: #1168.MFC42(?,?,00000000), ref: 004118A2
          • Part of subcall function 00411870: GetClassInfoA.USER32(?,ZGfxListTip,?), ref: 004118B5
          • Part of subcall function 00411870: LoadCursorA.USER32 ref: 004118E7
          • Part of subcall function 00411870: #1232.MFC42(?,?,?,?,?,?,?,00007F00), ref: 0041190A
          • Part of subcall function 00411870: #1270.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00411913
        • GetSysColor.USER32(00000008), ref: 00409497
        • GetSysColor.USER32(00000005), ref: 004094A1
        • GetSysColor.USER32(00000005), ref: 004094AB
        • GetSysColor.USER32(0000000D), ref: 004094B5
        • GetSysColor.USER32(00000003), ref: 004094BF
        • GetSysColor.USER32(0000000F), ref: 004094C9
        • #823.MFC42(00000008), ref: 004094D9
        • #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
        • #823.MFC42(00000008), ref: 0040950E
        • #472.MFC42(00000000,00000001,00808080), ref: 0040952D
        • GetStockObject.GDI32(00000011), ref: 00409549
        • #2860.MFC42(00000000), ref: 00409550
        • GetObjectA.GDI32(?,0000003C,?), ref: 00409560
        • CreateFontIndirectA.GDI32(?), ref: 00409571
        • #1641.MFC42(00000000), ref: 00409576
        • CreateFontIndirectA.GDI32(?), ref: 00409588
        • #1641.MFC42(00000000), ref: 00409591
        • CreateFontIndirectA.GDI32(?), ref: 004095A4
        • #1641.MFC42(00000000), ref: 004095AD
        • CreateFontIndirectA.GDI32(?), ref: 004095C0
        • #1641.MFC42(00000000), ref: 004095C9
        • #860.MFC42 ref: 0040966F
        Strings
        Similarity
        • API ID: Color$#1641CreateFontIndirect$#567$#472#823Object$#1168#1232#1270#2860#384#540#860ClassCursorInfoLoadStock
        • String ID: TA$Gfx list Control
        • API String ID: 541820374-2214082147
        • Opcode ID: af20fa995b7baad3c8914a666c68df949465ddab30d84b08863d306391cf4324
        • Instruction ID: 53d1cc0488371fdabd15697a8799b67ef86157bc58f1a4fdb1e14418e0406ef9
        • Opcode Fuzzy Hash: af20fa995b7baad3c8914a666c68df949465ddab30d84b08863d306391cf4324
        • Instruction Fuzzy Hash: 8F91F7B0904B409ED361DF3AC8857DBFBE0BB99304F40492EE4AE87281DBB86544CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C87D
        • #3293.MFC42(00000000,?,00000000), ref: 0040C898
        • #470.MFC42 ref: 0040C8BD
        • #2971.MFC42(?), ref: 0040C8D6
        • IsRectEmpty.USER32(?), ref: 0040C8E0
        • InvalidateRect.USER32(?,?,00000000), ref: 0040C912
        • #755.MFC42 ref: 0040C927
        • #3021.MFC42 ref: 0040C92C
        • GetClientRect.USER32(?,?), ref: 0040C95F
        • #3092.MFC42(00000000), ref: 0040C965
        • GetClientRect.USER32(?,?), ref: 0040C973
        • #289.MFC42 ref: 0040C99B
        • GetSysColor.USER32(00000011), ref: 0040C9AD
        • #6172.MFC42(00000000), ref: 0040C9B8
        • #5875.MFC42(00000001,00000000), ref: 0040C9C5
        • #5788.MFC42(?,00000001,00000000), ref: 0040C9D7
        • #2754.MFC42(?,?,?,00000001,00000000), ref: 0040C9EE
        • #537.MFC42(Nessun elemento presente nella lista,?,?,?,00000001,00000000), ref: 0040C9FC
        • #800.MFC42 ref: 0040CA2E
        • #5788.MFC42(00000000), ref: 0040CA38
        • #5875.MFC42(00000000,00000000), ref: 0040CA42
        • #6172.MFC42(00000000,00000000,00000000), ref: 0040CA4C
        • EnableScrollBar.USER32(?,00000000,00000003), ref: 0040CA65
        • #613.MFC42(00000000,00000000), ref: 0040CA7A
        • #3293.MFC42(00000000,?,00000000), ref: 0040CA97
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040CABE
        Strings
        • Nessun elemento presente nella lista, xrefs: 0040C9F3
        Similarity
        • API ID: Rect$#3293#5788#5875#6172ClientEnableScroll$#2754#289#2971#3021#3092#470#537#613#755#800ColorEmptyInvalidateMessageSend
        • String ID: Nessun elemento presente nella lista
        • API String ID: 3469473975-42175248
        • Opcode ID: 3365020d22fe36770b1a28325fbe90796fa1979fb335794ddb9609467bcc4419
        • Instruction ID: 9d4b62dbb3eb15a24ffef9cc9b18b3bf9f5c6e1370cac318d9e9737f810eb455
        • Opcode Fuzzy Hash: 3365020d22fe36770b1a28325fbe90796fa1979fb335794ddb9609467bcc4419
        • Instruction Fuzzy Hash: D2716771204705AFD318DB24C895FEBB3E4FB88708F008A1DF59A972C1EB78A945CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #1168.MFC42 ref: 0040BF85
        • #1669.MFC42 ref: 0040BF8D
        • #540.MFC42 ref: 0040C006
        • #540.MFC42 ref: 0040C014
        • #540.MFC42 ref: 0040C022
        • #540.MFC42 ref: 0040C030
        • #540.MFC42 ref: 0040C03E
        • #540.MFC42 ref: 0040C04C
        • #540.MFC42 ref: 0040C05A
        • #3157.MFC42(?,?,00000001), ref: 0040C076
        • #858.MFC42(?,?,?,00000001), ref: 0040C089
        • #941.MFC42( DESC,?,?,?,00000001), ref: 0040C0A0
        • #4294.MFC42 ref: 0040C0B6
        • InvalidateRect.USER32(?,00000000,00000001), ref: 0040C0C3
        • #800.MFC42 ref: 0040C0E2
        • #800.MFC42 ref: 0040C0F0
        • #800.MFC42 ref: 0040C0FE
        • #800.MFC42 ref: 0040C10C
        • #800.MFC42 ref: 0040C11A
        • #800.MFC42 ref: 0040C128
        • #800.MFC42 ref: 0040C136
          • Part of subcall function 00401860: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401879
          • Part of subcall function 00401860: SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401888
          • Part of subcall function 00401860: #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018A2
          • Part of subcall function 00401860: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018BD
          • Part of subcall function 00401860: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401904
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040C248
        • SendMessageA.USER32(?,00001013,00000000,00000000), ref: 0040C25A
        • #1168.MFC42 ref: 0040C264
        • #2652.MFC42 ref: 0040C26C
        Strings
        Similarity
        • API ID: #540#800$MessageSend$#1168$#1669#2652#3157#3998#4294#6007#858#941InvalidateRect
        • String ID: DESC
        • API String ID: 3819644337-461850341
        • Opcode ID: 46f9dab6e9bbb5a1addd25dce834875368a553045fcf73aa664a565f92a008d0
        • Instruction ID: c1cc99a47b6fc472182f82ee14ee6a7d1160405c2233eb0f3408a514e61dfe21
        • Opcode Fuzzy Hash: 46f9dab6e9bbb5a1addd25dce834875368a553045fcf73aa664a565f92a008d0
        • Instruction Fuzzy Hash: FF91B2302047419BD718EF66C851BABB7E5BFC5304F044A2DF996573C2DB38A845CBAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Similarity
        • API ID: #2414$#1641CreateFontIndirect$#3908#537#800CapsDeviceExtentPoint32Text$#2243MessageObjectRectSend
        • String ID: Arial
        • API String ID: 4053870105-493054409
        • Opcode ID: 3c0825fd577ed6937d654c82a1f424b82f65897435ebce485725d1de76577f86
        • Instruction ID: dac70bb6652b2dae7423e70c659d0cafb90daaadfd546fffdeb6463f3bbc922b
        • Opcode Fuzzy Hash: 3c0825fd577ed6937d654c82a1f424b82f65897435ebce485725d1de76577f86
        • Instruction Fuzzy Hash: E9917674204605EFC724DF65C884EEAB7E9BF88304F108A1DF9498B291DB34EA45CF95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Similarity
        • API ID: #2864Parent$MessageSend$#5788ClientRect$#2379#2860#3874#4299#540#562#5981#6605#6880#800#816ExtentPoint32StateText
        • String ID:
        • API String ID: 854166642-0
        • Opcode ID: f94e05b1174271f834907c53a2a87a1902047347a69bb4efb7eefa74225fcbd9
        • Instruction ID: f12c74dc217e1773ef65b4ac58853315ae5ca3eb34203df8b85d6e6aeda21753
        • Opcode Fuzzy Hash: f94e05b1174271f834907c53a2a87a1902047347a69bb4efb7eefa74225fcbd9
        • Instruction Fuzzy Hash: 4861DE762047409FC714EBA5C985EAFB7E9FBC8714F008A2EF58583281DB78E841CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401C5E
        • GlobalAlloc.KERNEL32(00000040,00000004), ref: 00401C6A
        • #823.MFC42(?), ref: 00401C8F
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401CCC
        • GlobalAlloc.KERNEL32(00000040,00000004), ref: 00401CDF
        • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 00401D4E
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?), ref: 00401D68
        • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 00401DCA
        • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 00401DDE
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00401E14
        • #6907.MFC42(00000000,00000000,?), ref: 00401E29
        • #3293.MFC42(00000000,?,00000000,00000000,00000000,?), ref: 00401E38
        • InvalidateRect.USER32(?,?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00401E48
        • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 00401E68
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 00401E85
        • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 00401E9F
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00401ED5
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401EEA
        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401F02
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401F1E
        • #3293.MFC42(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000), ref: 00401F2D
        • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000), ref: 00401F3D
        • #800.MFC42 ref: 00401F4F
        • #825.MFC42(?,?,?,?,?,?,?,?), ref: 00401F83
        Strings
        Similarity
        • API ID: AllocGlobal$#6007MessageSend$#2818#3293#3998#540InvalidateRect$#6907#800#823#825
        • String ID: Categoria: %s (%d element%c)
        • API String ID: 700626880-3571718097
        • Opcode ID: eabe19a968aec875cdd2895809b80f2db1abffd81a4ffeb828a50b9e46b461d0
        • Instruction ID: 7f54d0389154129595d08d4b7432f0e7d08937092b88ea56da46f5425459b6ac
        • Opcode Fuzzy Hash: eabe19a968aec875cdd2895809b80f2db1abffd81a4ffeb828a50b9e46b461d0
        • Instruction Fuzzy Hash: 63B16CB4244701AFE224CF14CC81F6BB7E5EB88714F108A2DF6969B3D1D774E8468B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#800$#1168$#1669#2652#2864#3157#4294#5981#858FocusInvalidateRect
        • String ID:
        • API String ID: 1251853744-0
        • Opcode ID: a43c69addfd2cdae9c238fe8543b46bd51e631112be96eff152d4898a0b82412
        • Instruction ID: 3577c716a8a40f0af3f31a509f4da41889e471636f39d5e28eb516911a94ecf3
        • Opcode Fuzzy Hash: a43c69addfd2cdae9c238fe8543b46bd51e631112be96eff152d4898a0b82412
        • Instruction Fuzzy Hash: A581C2302047819BD324EB75C851BEBBBD4AFD5308F00482EF596577D2DB78A849C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2414.MFC42 ref: 004101DE
        • #2414.MFC42 ref: 004101F3
        • #1168.MFC42 ref: 004101F8
        • LoadImageA.USER32(?,?,00000000,00000000,00000000,00002000), ref: 00410214
        • #1641.MFC42(00000000), ref: 00410231
        • GetObjectA.GDI32(?,00000018,?), ref: 0041024A
        • #2408.MFC42 ref: 00410273
        • #2096.MFC42(?,?,00000010,00000001,00000000), ref: 0041028E
        • ImageList_Add.COMCTL32(?,?,00000000,?,?,00000010,00000001,00000000), ref: 004102A8
        • GetObjectA.GDI32(?,00000054,?), ref: 004102BC
        • #289.MFC42(00000000), ref: 004102DA
        • CreateHalftonePalette.GDI32(?), ref: 004102F7
        • #1641.MFC42(00000000), ref: 00410304
        • #823.MFC42(00000000), ref: 00410316
        • #323.MFC42 ref: 00410324
        • CreateCompatibleDC.GDI32(?), ref: 00410340
        • #1640.MFC42(00000000), ref: 0041034B
        • #5785.MFC42(?,?,00000000), ref: 0041035D
        • GetDIBColorTable.GDI32(?,00000000,?,00000000,?,?,00000000), ref: 00410375
        • #823.MFC42(00000000), ref: 00410383
        • CreatePalette.GDI32(00000000), ref: 004103C0
        • #1641.MFC42(00000000), ref: 004103CD
        • #825.MFC42(00000000,00000000), ref: 004103D3
        • #825.MFC42(00000000,00000000,00000000), ref: 004103D9
        • #640.MFC42 ref: 004103ED
        • InvalidateRect.USER32(?,00000000,00000001), ref: 004103FA
        • #613.MFC42 ref: 0041040F
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1641Create$#2414#823#825ImageObjectPalette$#1168#1640#2096#2408#289#323#5785#613#640ColorCompatibleHalftoneInvalidateList_LoadRectTable
        • String ID:
        • API String ID: 1329931383-0
        • Opcode ID: dc722f1a0012b8bd86470215f29ccf7f638eb1e8d95f030c16b86b23e0f09e50
        • Instruction ID: 83db23f6c95506ed2866b3d15723d278ee382e109672e354415f5b404e91587e
        • Opcode Fuzzy Hash: dc722f1a0012b8bd86470215f29ccf7f638eb1e8d95f030c16b86b23e0f09e50
        • Instruction Fuzzy Hash: 2861E071244745AFD724DB60CC85FEBB7A8BF85708F00451DF89997281DBB8E888CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040D037
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
          • Part of subcall function 0040DA60: #3293.MFC42(00000000,?,00000000,76933EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
          • Part of subcall function 0040DA60: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
          • Part of subcall function 0040DA60: GetClientRect.USER32(?,?), ref: 0040DAF3
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D065
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040D08E
        • #3293.MFC42(?,?,00000000), ref: 0040D0B0
        • GetClientRect.USER32(?,?), ref: 0040D0DA
        • SendMessageA.USER32 ref: 0040D0FA
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D13A
        • #3286.MFC42(?), ref: 0040D157
        • #540.MFC42(?), ref: 0040D164
        • #823.MFC42(00000054), ref: 0040D189
        • #535.MFC42(?,?,?), ref: 0040D1B5
        • #2111.MFC42(?,?,?,00000068), ref: 0040D1E2
        • #540.MFC42(?,?,?,00000068), ref: 0040D1EB
        • #3089.MFC42(?,?,?,00000068), ref: 0040D238
        • SendMessageA.USER32(?,00000030,?,00000000), ref: 0040D315
        • SendMessageA.USER32(?,00000434,00000000,?), ref: 0040D34F
        • #6134.MFC42(00000000,000000FF,?,00000068), ref: 0040D357
        • #5937.MFC42(0000003C,00000000,000000FF,?,00000068), ref: 0040D366
        • #6136.MFC42(0000003C,0000003C,00000000,000000FF,?,00000068), ref: 0040D375
        • SendMessageA.USER32(?,00000437,00000000,?), ref: 0040D38A
        • #800.MFC42(?,?,?,00000068), ref: 0040D3A0
        • #800.MFC42(?,?,?,00000068), ref: 0040D3B4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#540#800Client$#2111#3089#3092#3286#535#5937#6134#6136#823
        • String ID: <
        • API String ID: 3875506128-4251816714
        • Opcode ID: 7148013d5230c4efe86183ce90d0bedf211a6f6e309a2e00c48074e0430547c5
        • Instruction ID: 3e3b0393a419632c5e36a4a5c74c9674df9c160c1db1b2e7ebbc74f75fa08636
        • Opcode Fuzzy Hash: 7148013d5230c4efe86183ce90d0bedf211a6f6e309a2e00c48074e0430547c5
        • Instruction Fuzzy Hash: CCB152716083459FD324DFA5C851FABB7E8BBC8704F004A2DB999A73C1D778E8058B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 006958C4: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 006958E8
          • Part of subcall function 006958C4: Process32First.KERNEL32(00000000,00000128), ref: 006958F8
          • Part of subcall function 006958C4: Process32Next.KERNEL32(00000000,00000128), ref: 00695921
          • Part of subcall function 006958C4: CloseHandle.KERNEL32(00000000), ref: 00695934
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0069E061
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0069E07E
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0069E13D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0069E17C
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0069E1BB
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0069E1FA
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0069E239
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0069E278
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0069E2B7
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0069E2F6
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0069E335
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0069E374
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0069E3B3
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0069E3F2
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0069E431
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0069E481
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0069E495
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0069E4C3
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0069E4E0
        • CloseHandle.KERNEL32(?), ref: 0069E4FE
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0069E519
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenProcess32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
        • String ID:
        • API String ID: 378158439-3916222277
        • Opcode ID: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction ID: e65ebe575523ed6634e7b2d11f6ed4259b4fa48c1df197dc9a5564ea9a7dffb5
        • Opcode Fuzzy Hash: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction Fuzzy Hash: 0C1295B1E40219ABEB14CFD5CD81BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(0041E8F0), ref: 00413E38
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416E88,000000FF), ref: 00413E4D
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416E88,000000FF), ref: 00413E5D
        • #6883.MFC42(?,?,?), ref: 00413E6D
        • #537.MFC42(Provincia,?,?,?), ref: 00413E7B
        • #6883.MFC42(?,00000000,Provincia,?,?,?), ref: 00413E90
        • #800.MFC42(?,00000000,Provincia,?,?,?), ref: 00413E9D
        • #537.MFC42(Anas,?,00000000,Provincia,?,?,?), ref: 00413EAB
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EC0
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413ECD
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EDB
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EF0
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413EFD
        • #540.MFC42 ref: 00413F35
        • #2818.MFC42(?,TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set), ref: 00413F48
        • #800.MFC42 ref: 00413F7F
        Strings
        • TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set, xrefs: 00413F3E
        • Comune, xrefs: 00413ED2
        • Anas, xrefs: 00413EA2
        • Provincia, xrefs: 00413E72
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6883#800$#537$#2818#540
        • String ID: Anas$Comune$Provincia$TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set
        • API String ID: 3485451498-1603090807
        • Opcode ID: b2f599e895f2fd9bb441bbbead2d4606f9802e557c184ce80597856937cc387c
        • Instruction ID: 837674c22dec5a00511febd99f2feb49d6c7c5c8d193570f9f5e8aed2ddc022a
        • Opcode Fuzzy Hash: b2f599e895f2fd9bb441bbbead2d4606f9802e557c184ce80597856937cc387c
        • Instruction Fuzzy Hash: 32619E756047009FC320DF15C581BAAB7E1FF88724F504A1EF49A87791C739E98ACB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040DC92
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
          • Part of subcall function 0040D000: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040D037
          • Part of subcall function 0040D000: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040D065
          • Part of subcall function 0040D000: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040D08E
          • Part of subcall function 0040D000: #3293.MFC42(?,?,00000000), ref: 0040D0B0
          • Part of subcall function 0040D000: GetClientRect.USER32(?,?), ref: 0040D0DA
          • Part of subcall function 0040D000: SendMessageA.USER32 ref: 0040D0FA
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040DD0C
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040DD7A
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040DD8E
        • #6905.MFC42(?,00000003,00000003), ref: 0040DDA2
        • #3286.MFC42(?,?,00000003,00000003), ref: 0040DDB4
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040DF39
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040DF4D
        • #6905.MFC42(?,00000003,00000003), ref: 0040DF61
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#6905$#3092#3286#3293ClientRect
        • String ID:
        • API String ID: 3523344188-0
        • Opcode ID: 2b60aedd11388588ad6eaa4c6bc25b14ea1fe7b410079db2cba44b3cb02062f7
        • Instruction ID: e7096fc15e465d85a9c6d6e3b8579a8ccc3c2a617873d283122902e3d91db4ae
        • Opcode Fuzzy Hash: 2b60aedd11388588ad6eaa4c6bc25b14ea1fe7b410079db2cba44b3cb02062f7
        • Instruction Fuzzy Hash: CDE1C731340B0167D624A62ACC41FAFB2D9EBD8B14F104D3EF65AEB2C1DA78E945835C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetMenuItemCount.USER32(?), ref: 00412BE3
        • GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
        • GetSubMenu.USER32(?,-00000001), ref: 00412C15
        • #2863.MFC42(00000000,?,?,?,769A3E40), ref: 00412C1C
        • #540.MFC42(00000000,?,?,?,769A3E40), ref: 00412C40
        • GetMenuStringA.USER32 ref: 00412C61
        • #2919.MFC42(00000002), ref: 00412C70
        • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
        • #5572.MFC42(000000FF), ref: 00412C89
        • ModifyMenuA.USER32(?,-00000001,00000500,000000FF,00000000), ref: 00412CFA
        • #800.MFC42 ref: 00412D0C
          • Part of subcall function 00412BB0: #2614.MFC42 ref: 00412C94
          • Part of subcall function 00412BB0: #2614.MFC42 ref: 00412DA0
          • Part of subcall function 00412BB0: GetMenuState.USER32(?,-00000001,00000400), ref: 00412DDC
          • Part of subcall function 00412BB0: ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 00412E0A
        • GetMenuState.USER32(?,-00000001,00000400), ref: 00412D28
        • #540.MFC42(?,?,?,769A3E40), ref: 00412D46
        • GetMenuStringA.USER32 ref: 00412D61
        • #2919.MFC42(00000002), ref: 00412D74
        • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412D85
        • #5572.MFC42(000000FF), ref: 00412D91
        • ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 00412DBF
        • #800.MFC42 ref: 00412DD1
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Menu$String$Modify$#2614#2919#540#5572#800ItemState$#2863Count
        • String ID:
        • API String ID: 985470246-0
        • Opcode ID: afe2ca6af36c6556a66a390d8aaabe74a20282205839e4415aa45d1496d15e9c
        • Instruction ID: 1e3d82180aa8cebc34db654927162ddc711ceff43e1de25c7cda8741f924e613
        • Opcode Fuzzy Hash: afe2ca6af36c6556a66a390d8aaabe74a20282205839e4415aa45d1496d15e9c
        • Instruction Fuzzy Hash: B471D0B0204715ABC310DF25DD45FEBBBA9FB84714F108A19F565932D0EB78E854CBA8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetClientRect.USER32(?,?), ref: 00405F27
        • GetSysColor.USER32(0000000F), ref: 00405F58
        • #2754.MFC42(?,00000000), ref: 00405F66
        • #2860.MFC42(?,?,00000000), ref: 00405F6F
        • #323.MFC42(?,?,00000000), ref: 00405F7E
        • CreateCompatibleDC.GDI32(00000000), ref: 00405F91
        • #1640.MFC42(00000000), ref: 00405F9C
        • GetObjectA.GDI32(?,00000018,?), ref: 00405FB4
        • #5785.MFC42(?,?), ref: 00405FFD
        • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040602E
        • #5785.MFC42(?,?), ref: 00406045
        • GetSysColor.USER32(00000014), ref: 0040605A
        • GetSysColor.USER32(00000010), ref: 0040605F
        • #2567.MFC42(?,00000000), ref: 00406069
        • InflateRect.USER32(00000000,000000FF,000000FF), ref: 0040607E
        • GetSysColor.USER32(0000000F), ref: 00406086
        • GetSysColor.USER32(0000000F), ref: 00406098
        • #2567.MFC42(?,00000000), ref: 004060A2
        • InflateRect.USER32(00000000,000000FF,000000FF), ref: 004060B0
        • GetSysColor.USER32(00000010), ref: 004060B8
        • GetSysColor.USER32(00000014), ref: 004060BD
        • #2567.MFC42(?,00000000), ref: 004060C7
        • #640.MFC42 ref: 004060D8
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Color$#2567Rect$#5785Inflate$#1640#2754#2860#323#640ClientCompatibleCreateObject
        • String ID:
        • API String ID: 881363819-0
        • Opcode ID: 45e6d8854057d670ca300c119c06241f51ab5478347eba5981c65c1d3a3f7dc3
        • Instruction ID: a3dfc8a6be821aa3e2151bfcb2a784a632a231e80bcbe86321ee10d835f47131
        • Opcode Fuzzy Hash: 45e6d8854057d670ca300c119c06241f51ab5478347eba5981c65c1d3a3f7dc3
        • Instruction Fuzzy Hash: E4516B72208345AFC714DF69CC44EABBBE8EBC8710F104A2DB595D32D1CA74D804CB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00405CB6
        • GetClientRect.USER32(?,?), ref: 00405CD5
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00405D17
        • #2860.MFC42(?), ref: 00405D1A
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405D31
        • #3089.MFC42 ref: 00405D4C
        • #2111.MFC42(50000080,?,?,00000001), ref: 00405D60
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405D78
        • #6199.MFC42(?,?,00000001), ref: 00405D80
        • SendMessageA.USER32(?,00000434,00000000,?), ref: 00405DB2
        • #6134.MFC42(00000000,000000FF), ref: 00405DBA
        • #5937.MFC42(0000003C,00000000,000000FF), ref: 00405DC6
        • #6136.MFC42(0000003C,0000003C,00000000,000000FF), ref: 00405DD2
        • SendMessageA.USER32(?,00000437,00000000,?), ref: 00405DEA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#2111#2379#2860#3089#5937#6134#6136#6199ClientRect
        • String ID: <
        • API String ID: 3436560166-4251816714
        • Opcode ID: 79845bbe6319cc47294b85b4fb108bc0c2a798a68fc4d342cb2746c808b5bc3d
        • Instruction ID: fb730d80e9601ea83bee57e1dd4651bbe9b901671f526456dca0c5c8201d6f51
        • Opcode Fuzzy Hash: 79845bbe6319cc47294b85b4fb108bc0c2a798a68fc4d342cb2746c808b5bc3d
        • Instruction Fuzzy Hash: 5D41A175204700AFD624DB65CC91FEBB7E9EFC8704F008A1EB99697380DA74E900CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3763.MFC42(?,?), ref: 004084BF
        • GetParent.USER32(?), ref: 004084DF
        • #2864.MFC42(00000000), ref: 004084E6
        • SendMessageA.USER32(?,00000403,00000002,?), ref: 00408512
        • #3763.MFC42(?,?), ref: 00408546
        • #540.MFC42(?,?), ref: 0040854F
        • #3874.MFC42(?), ref: 00408563
        • GetParent.USER32(?), ref: 00408588
        • #2864.MFC42(00000000), ref: 0040858F
        • SendMessageA.USER32(?,00000403,00000003,?), ref: 004085BB
        • #800.MFC42 ref: 004085CD
        • #800.MFC42(?), ref: 004085F6
        • GetParent.USER32(?), ref: 0040860E
        • #2864.MFC42(00000000), ref: 00408615
        • SendMessageA.USER32(?,00000403,00000004,?), ref: 00408641
        • GetParent.USER32(?), ref: 0040866F
        • #2864.MFC42(00000000), ref: 00408676
        • SendMessageA.USER32(?,00000403,00000005,?), ref: 004086A2
          • Part of subcall function 00408730: #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,004161E8,000000FF,004082DC), ref: 00408751
          • Part of subcall function 00408730: #3874.MFC42 ref: 00408765
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 004087B0
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 004087B3
          • Part of subcall function 00408730: #3089.MFC42(00000000), ref: 004087C1
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 00408806
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 00408809
          • Part of subcall function 00408730: GetParent.USER32(?), ref: 00408814
          • Part of subcall function 00408730: #2864.MFC42(00000000), ref: 00408817
          • Part of subcall function 00408730: #3089.MFC42(00000000), ref: 00408820
          • Part of subcall function 00408730: SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408831
          • Part of subcall function 00408730: #800.MFC42 ref: 00408843
        • #5290.MFC42(?), ref: 00408714
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$MessageSend$#800$#3089#3763#3874#540$#5290
        • String ID:
        • API String ID: 4283597796-0
        • Opcode ID: e213cfe3f1af5e95e5f3df5f8dd5a2fad33cedac6a772db0a0d48a12eabc814a
        • Instruction ID: 3d100f1488813eaa286ad80785d217ac773cdf5a01a2f1d83fece7d185f43b32
        • Opcode Fuzzy Hash: e213cfe3f1af5e95e5f3df5f8dd5a2fad33cedac6a772db0a0d48a12eabc814a
        • Instruction Fuzzy Hash: E9718F752007019FC718DF19C984AAFB7E5FB98710F10892EF59593780DB78E982CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00408E51
        • #540.MFC42(?,?,?,?,?,004162A1,000000FF), ref: 00408E61
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408E83
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408E97
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EA6
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EB3
        • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408EBA
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00408EF1
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F1B
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F2F
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F3E
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F4B
        • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408F52
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00408F8A
          • Part of subcall function 004092D0: #4171.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 004092EB
          • Part of subcall function 004092D0: #6311.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040931A
          • Part of subcall function 004092D0: atoi.MSVCRT ref: 00409324
        • #3286.MFC42(00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FAB
        • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FBF
        • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FCE
        • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FDB
        • #823.MFC42(0000000C,00000000,?,00000000,?,00000000,?,?,?,?,?,004162A1,000000FF), ref: 00408FE2
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00409018
        • #800.MFC42(?,?,?,?,?,004162A1,000000FF), ref: 00409032
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800$#3286#3301#6007#823#858$#4171#540#6311MessageSendatoi
        • String ID:
        • API String ID: 3055650909-0
        • Opcode ID: d76134389815a0277af893f41edf8715d800d98bb804f2b6fc5c437c66eae7f4
        • Instruction ID: 4e7e584e0ab80acd10ee7cf4f00adfd0cbccc072339726d03e0d0c640cc87cf5
        • Opcode Fuzzy Hash: d76134389815a0277af893f41edf8715d800d98bb804f2b6fc5c437c66eae7f4
        • Instruction Fuzzy Hash: 2E610F71108341AED310DB26C8C0E6BB7DDABD4358F04492EF1DA97392DA38DD86C76A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040EF8B
        • #2864.MFC42(00000000), ref: 0040EF92
        • #5981.MFC42(00000000), ref: 0040EF9D
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040EFE4
        • SendMessageA.USER32 ref: 0040F00F
        • SendMessageA.USER32(?,0000101B,?,00000000), ref: 0040F023
        • SendMessageA.USER32(?,00001203,?,0000009F), ref: 0040F03F
        • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040F05E
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F07F
        • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F090
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F0A8
        • #6907.MFC42(-00000001,?,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F0BB
        • SendMessageA.USER32(?,00001019,00000001,00000000), ref: 0040F0F8
        • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F10E
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F11D
        • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F12E
        • SendMessageA.USER32(?,0000101C,00000001,00000000), ref: 0040F146
        • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F164
        • SendMessageA.USER32(?,00001019,00000000,00000000), ref: 0040F176
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040F182
        • InvalidateRect.USER32(?,00000000,00000001,?,00000004,?,0000009F,?,00000000), ref: 0040F18C
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#6907$#2864#5981FocusInvalidateRect
        • String ID:
        • API String ID: 1511350695-0
        • Opcode ID: cbfe820232d3da00cc4125a430e2ca922b155d7759aedc4005ad7dd65cda8a12
        • Instruction ID: 6e860f70897de8cb24a928eea387c5ad0da3cf279318d51484a122a86d0deffd
        • Opcode Fuzzy Hash: cbfe820232d3da00cc4125a430e2ca922b155d7759aedc4005ad7dd65cda8a12
        • Instruction Fuzzy Hash: F3614E70240744ABE730DB25CC81FABB3A9BF88714F104B2DF695AB6D1D7B8E8448B55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 10005646
        • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000565A
        • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005665
        • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005670
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 1000567B
        • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 100056D3
        • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 100056DF
        • CloseHandle.KERNEL32(?), ref: 100056F2
        • FreeLibrary.KERNEL32(00000000), ref: 100056FD
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$pi32
        • API String ID: 3440622277-1578001699
        • Opcode ID: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction ID: 97513855ba7d5b96b8eea992fadbc770b1a1e9ea9204260f57e06f18dc82c778
        • Opcode Fuzzy Hash: fe98523fa50d02e2726d1e232fd4389cf0363f9e90bbfebec60c5426d80fe0c6
        • Instruction Fuzzy Hash: 1531AFB5A01218ABEB10DBB4DD89BEEBBB8EF49641F104119FA05B7280DB71D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040D409
        • #2864.MFC42(00000000), ref: 0040D410
        • #5981.MFC42(00000000), ref: 0040D41B
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
          • Part of subcall function 00401AD0: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
          • Part of subcall function 00401AD0: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        • GetCursorPos.USER32(00000000), ref: 0040D425
        • ScreenToClient.USER32(?,?), ref: 0040D434
        • #3286.MFC42(00000000,?,?), ref: 0040D46A
        • #3293.MFC42(00000000,?,00000000,00000000,?,?), ref: 0040D4BA
        • GetClientRect.USER32(?,?), ref: 0040D4C8
        • InvalidateRect.USER32(?,?,00000001), ref: 0040D4F1
        • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040D543
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040D560
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040D579
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040D58A
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040D5A8
        • #3293.MFC42(00000000,?,00000000), ref: 0040D5B5
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040D5DC
        • SendMessageA.USER32(?,0000102C,00000000,00000001), ref: 0040D652
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DBB6
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DBDB
          • Part of subcall function 0040DB90: #3293.MFC42(?,?,00000000,?,00000000,?), ref: 0040DBFA
          • Part of subcall function 0040DB90: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DC22
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?,?), ref: 0040D61F
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040D644
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040CC74
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CCA2
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CCCB
          • Part of subcall function 0040CC40: #3293.MFC42(?,?,00000000), ref: 0040CCED
          • Part of subcall function 0040CC40: GetClientRect.USER32(?,?), ref: 0040CD17
          • Part of subcall function 0040CC40: SendMessageA.USER32 ref: 0040CD34
          • Part of subcall function 0040CC40: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CD52
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293Invalidate$ClientScroll$Enable$#2864#3286#3998#5981#6007CursorFocusScreenShow
        • String ID:
        • API String ID: 1983514702-0
        • Opcode ID: 8b55e805530541a9d092710536350505fd90c3126aa5e06a9ce3cbc7302a3956
        • Instruction ID: 57f82ebe21f7ee24ad7be10c36a29d409f2bc9a93f9c199d4d4d6808c76c11e9
        • Opcode Fuzzy Hash: 8b55e805530541a9d092710536350505fd90c3126aa5e06a9ce3cbc7302a3956
        • Instruction Fuzzy Hash: 31918171340305ABD624DB69CC81FABB3E9FBC8B04F00492EF595972D0DBB8E9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessagePost
        • String ID:
        • API String ID: 3939144538-0
        • Opcode ID: dbb7d571d73486c9964d8f346655b81c2bbe281731cd186e7b59489ad6b68100
        • Instruction ID: 75ac96b43b599a6a62239645f8ee84e71766786d9bf595ce3615597b2eda436e
        • Opcode Fuzzy Hash: dbb7d571d73486c9964d8f346655b81c2bbe281731cd186e7b59489ad6b68100
        • Instruction Fuzzy Hash: A71124B2E00714ABC614ABF69D59C9B7F9CFFCC2547008A6EB54887241DB7CD8428FA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #6907.MFC42(?,?,?), ref: 00414025
        • #537.MFC42(0041E8F0), ref: 00414039
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041404E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041405E
        • #6883.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041406E
        • #537.MFC42(Provincia,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00416EC0,000000FF), ref: 0041407C
        • #6883.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414091
        • #800.MFC42(?,00000000,Provincia,?,00000000,?), ref: 0041409E
        • #537.MFC42(Anas,?,00000000,Provincia,?,00000000,?), ref: 004140AC
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140C1
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140CE
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140DC
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140F1
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 004140FE
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6883$#537#800$#6907
        • String ID: Anas$Comune$Provincia
        • API String ID: 627091864-1109409966
        • Opcode ID: 4fec4260b2dfddf20dabf1dc2bb38527577b20e21aa25fd24d101a40a649272a
        • Instruction ID: 3473ace3d25e76a770bbfd23ce63f11dfe3668d771b5851ebbd5c95fab861f15
        • Opcode Fuzzy Hash: 4fec4260b2dfddf20dabf1dc2bb38527577b20e21aa25fd24d101a40a649272a
        • Instruction Fuzzy Hash: C9417D74500B00AFD320EF15C981BEBB7E5BBD8714F108A1EE49A87781C739E98ACB45
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF,408982D5,?,?,?,?,?,10010B11,000000FF), ref: 1000EB8B
        • SetLastError.KERNEL32(00000000,?,?,?,?,?,10010B11,000000FF), ref: 1000EB99
        • CancelWaitableTimer.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 1000EBAC
        • ??_V@YAXPAX@Z.MSVCR100 ref: 1000EBC3
        • ??_V@YAXPAX@Z.MSVCR100 ref: 1000EBD6
        • CloseHandle.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 1000EBE9
        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,10010B11,000000FF), ref: 1000EC06
        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,10010B11,000000FF), ref: 1000EC2B
        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,10010B11,000000FF), ref: 1000EC50
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 1000EC7F
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 1000EC9C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 1000ECB9
        • DeleteCriticalSection.KERNEL32(?), ref: 1000ECD9
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • DeleteCriticalSection.KERNEL32(?), ref: 1000ECE3
        • CloseHandle.KERNEL32(?), ref: 1000ECFE
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        • CloseHandle.KERNEL32(?), ref: 1000ED21
        • CloseHandle.KERNEL32(?), ref: 1000ED44
        • DeleteCriticalSection.KERNEL32(?), ref: 1000ED6A
        • CloseHandle.KERNEL32(?), ref: 1000EDA9
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseFreeVirtual$Handle$CriticalDeleteSection$Event$CancelCurrentErrorExceptionExchangeInterlockedLastObjectSingleThreadThrowTimerWaitWaitableclosesocketsendshutdown
        • String ID:
        • API String ID: 4282975886-0
        • Opcode ID: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction ID: 585240af49900e536e319a30f2aaedbac85c57466b1ef4c0f5779a9e1f4c7d10
        • Opcode Fuzzy Hash: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction Fuzzy Hash: 42715EB1A40A96ABE744CF78CCC8A9AF7E9FB04390F514629F519E7254CB34FC548B90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsWindow.USER32(?), ref: 00411BA1
        • IsRectEmpty.USER32(?), ref: 00411BB4
        • IsWindowVisible.USER32(?), ref: 00411BDB
        • GetFocus.USER32 ref: 00411BE9
        • #2864.MFC42(00000000,?,00000000), ref: 00411BF0
        • #6605.MFC42 ref: 00411C36
        • #289.MFC42(?), ref: 00411C40
        • #537.MFC42(?,?), ref: 00411C52
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00411C69
        • #2860.MFC42(00000000), ref: 00411C70
        • #5788.MFC42(00000000,00000000), ref: 00411C7A
        • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 00411CAE
        • #6197.MFC42(6D18A018,?,?,000000FF,?,00000050), ref: 00411CDF
        • #5875.MFC42(00000001,6D18A018,?,?,000000FF,?,00000050), ref: 00411CEA
        • #5788.MFC42(?), ref: 00411D10
        • SetCapture.USER32(?,?), ref: 00411D19
        • #2864.MFC42(00000000), ref: 00411D20
        • #800.MFC42(00000000), ref: 00411D2E
        • #613.MFC42(00000000), ref: 00411D3F
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864#5788Window$#2860#289#537#5875#613#6197#6605#800CaptureEmptyExtentFocusMessagePoint32RectSendTextVisible
        • String ID:
        • API String ID: 1052973344-0
        • Opcode ID: 5a541de6514cf8f7d8853c86495949eda2a6372b090c1199e6a1a8ff03a95b14
        • Instruction ID: 563cf2e3aa894bee5954ef733e3a8ba166e519cceaa4859d21dde127e7ec4e12
        • Opcode Fuzzy Hash: 5a541de6514cf8f7d8853c86495949eda2a6372b090c1199e6a1a8ff03a95b14
        • Instruction Fuzzy Hash: 11513775604740AFC314DF68D884FABB7E8FBC8714F008A1DB59687690DB78E844CB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10002E7C
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
        • timeGetTime.WINMM ref: 10002E8E
        • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
        • gethostbyname.WS2_32(?), ref: 10002EDF
        • htons.WS2_32(?), ref: 10002EF8
        • connect.WS2_32(?,?,00000010), ref: 10002F16
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
        • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
        • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
        • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
        • _beginthreadex.MSVCR100 ref: 10002FF6
        • _beginthreadex.MSVCR100 ref: 1000300B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 2079111011-3203441087
        • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
        • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(0041E8F0), ref: 00414D81
        • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414D96
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DA6
        • #6883.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DB6
        • #537.MFC42(Provincia,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00417000,000000FF), ref: 00414DC4
        • #6883.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414DD9
        • #800.MFC42(?,00000000,Provincia,?,00000000,?), ref: 00414DE6
        • #537.MFC42(Anas,?,00000000,Provincia,?,00000000,?), ref: 00414DF4
        • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E09
        • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E16
        • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E24
        • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E39
        • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,00000000,?), ref: 00414E46
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6883$#537#800
        • String ID: Anas$Comune$Provincia
        • API String ID: 1717197427-1109409966
        • Opcode ID: 2cc85ecaf75742fbc7f524f987d68be454302ffc22e66c38bb7658d9be050907
        • Instruction ID: 4e2d33064d6abd8d8f131be95bbc7ad306cc52d7b90e2c432d0fd03e88d80d9c
        • Opcode Fuzzy Hash: 2cc85ecaf75742fbc7f524f987d68be454302ffc22e66c38bb7658d9be050907
        • Instruction Fuzzy Hash: 2B515D70504B009FD324EF15C581BABB7E5BBC8324F108A1EE49A87780D779E98ACB49
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040CC74
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
          • Part of subcall function 0040DA60: #3293.MFC42(00000000,?,00000000,76933EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
          • Part of subcall function 0040DA60: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
          • Part of subcall function 0040DA60: GetClientRect.USER32(?,?), ref: 0040DAF3
          • Part of subcall function 0040DA60: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CCA2
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CCCB
        • #3293.MFC42(?,?,00000000), ref: 0040CCED
        • GetClientRect.USER32(?,?), ref: 0040CD17
        • SendMessageA.USER32 ref: 0040CD34
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040CD52
        • #540.MFC42 ref: 0040CD73
        • #3089.MFC42 ref: 0040CDB4
        • #3286.MFC42(?,?), ref: 0040CDD4
        • #823.MFC42(00000014,?,?,?,?,?,?,?,?), ref: 0040CE00
        • #541.MFC42 ref: 0040CE1A
        • #800.MFC42(?), ref: 0040CE6E
        • #823.MFC42(0000016C,?), ref: 0040CE95
        • #535.MFC42(00000002,?,?,?,?), ref: 0040CED6
        • GetParent.USER32(?), ref: 0040CF26
        • #2864.MFC42(00000000), ref: 0040CF2D
        • #800.MFC42 ref: 0040CFEF
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#800#823Client$#2864#3089#3092#3286#535#540#541Parent
        • String ID:
        • API String ID: 2125008405-0
        • Opcode ID: f0a8bff8f873108d64a64abf37aee993c78833a39c863ebec92b2fb7ea6cea46
        • Instruction ID: bdeba55dabbe346482d1e2d4055adf7286c66d3c4c38834717c6475fd089da88
        • Opcode Fuzzy Hash: f0a8bff8f873108d64a64abf37aee993c78833a39c863ebec92b2fb7ea6cea46
        • Instruction Fuzzy Hash: 33B16D702043419FD724DF65C881BABBBE5BFC8704F004A2EF59997391DB78A845CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memset.MSVCR100 ref: 1000F659
        • memset.MSVCR100 ref: 1000F66C
        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 1000F68F
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Closememset$Open
        • String ID: %08X$Host
        • API String ID: 4198983563-2867006347
        • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
        • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E436
        • #3286.MFC42(00000000), ref: 0040E44B
        • #3293.MFC42(00000000,?,00000000,00000000), ref: 0040E492
        • GetClientRect.USER32(?,00000000), ref: 0040E4A0
        • InvalidateRect.USER32(?,?,00000001), ref: 0040E4C9
        • InvalidateRect.USER32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040E516
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040E52F
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040E548
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040E559
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040E577
        • #3293.MFC42(00000000,?,00000000), ref: 0040E584
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040E5AB
          • Part of subcall function 00401B70: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401B8D
          • Part of subcall function 00401B70: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401B9C
          • Part of subcall function 00401B70: #3286.MFC42(?), ref: 00401BAA
          • Part of subcall function 00401B70: SendMessageA.USER32(?,00001008,?,00000000), ref: 00401BE1
          • Part of subcall function 00401B70: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401BF2
        • #3089.MFC42 ref: 0040E698
        • GetParent.USER32(?), ref: 0040E6B7
        • #2864.MFC42(00000000), ref: 0040E6BE
        • SendMessageA.USER32(?,0000004E,?,?), ref: 0040E6D3
        • #5290.MFC42(?), ref: 0040E6E7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$RectScroll$#3286#3293EnableInvalidate$#2864#3089#5290ClientParentShow
        • String ID:
        • API String ID: 3965518664-0
        • Opcode ID: a4159e19f28e2276acd800a31d6ec83aec7225f8fae3b999c8bb4c10c06bcbe1
        • Instruction ID: 131fa331dea3b921b0b01fbb884be57261c6ebca500bae5ddefae37afd712bcf
        • Opcode Fuzzy Hash: a4159e19f28e2276acd800a31d6ec83aec7225f8fae3b999c8bb4c10c06bcbe1
        • Instruction Fuzzy Hash: D991B271340700ABD724DB29DC81FABB3E4BB98714F104D2EFA95A72D0DA79E8418769
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 0040699A
        • #536.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18), ref: 004069BD
        • #535.MFC42(00000084,?,00000001), ref: 004069F5
        • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406A4A
        • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406A8B
        • #800.MFC42(00000084,?,00000001), ref: 00406AA1
        • #535.MFC42(00000084,?,00000001), ref: 00406ADC
        • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406B2B
        • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406B5A
        • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406B9B
        • #800.MFC42(00000084,?,00000001), ref: 00406BAD
        • #800.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18), ref: 00406BC7
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 00406BD7
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415F18,000000FF), ref: 00406BED
        • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C17
        • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C2D
        • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406C3B
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800$#535$#4129$#536#540
        • String ID:
        • API String ID: 2959236569-0
        • Opcode ID: de5838552160e8a1a68d872514f480001582ac3e1cd8effcbec341b14dea053e
        • Instruction ID: fdbbd305b15675dd317f3ab683c2c62ea9dc9fa98f6c2da4e4424d65e80139de
        • Opcode Fuzzy Hash: de5838552160e8a1a68d872514f480001582ac3e1cd8effcbec341b14dea053e
        • Instruction Fuzzy Hash: F381F4312082518FC700DF24C4907EB7BE56FAA344F19496DF8CAA73D1E63AE949CB85
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
        • #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040982B
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040984D
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040986F
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 0040988D
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098AB
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098CD
        • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004098EF
          • Part of subcall function 004049C0: #2414.MFC42(?,?,?,?,?,?,?,004049A8), ref: 00404A05
          • Part of subcall function 004049C0: #682.MFC42(?,?,?,?,?,?,?,004049A8), ref: 00404A1A
        • #693.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409911
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414$#682#686#693#800
        • String ID:
        • API String ID: 3969047488-0
        • Opcode ID: 89a92bffa5beed12fcff500d2a05c41d0eb43154f3ef4fc3a7a78736a3bbb3a7
        • Instruction ID: 69f0adf552a5b93e4ecb8fb81ce234f528e32a1a3ca4b45b3ee66e9d1335e5b3
        • Opcode Fuzzy Hash: 89a92bffa5beed12fcff500d2a05c41d0eb43154f3ef4fc3a7a78736a3bbb3a7
        • Instruction Fuzzy Hash: 81712A74204782DBC714DF25C0403DAFBE5BF95708F044A1FE499AB392DBB9A944CB6A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 1000DA17
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
        • GetLastError.KERNEL32 ref: 1000DA38
        • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
        • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
        • exit.MSVCR100 ref: 1000DA55
        • GetTickCount.KERNEL32 ref: 1000DAA0
        • GetTickCount.KERNEL32 ref: 1000DABB
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
        • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
        • CloseHandle.KERNEL32(?), ref: 1000DBE8
        • CloseHandle.KERNEL32(?), ref: 1000DC0B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
        • String ID: %d:%d
        • API String ID: 3209965405-4036436701
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411E99
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411EA9
          • Part of subcall function 00411E60: GetSysColor.USER32(00000007), ref: 00411EC4
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000E), ref: 00411ECB
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411ED2
          • Part of subcall function 00411E60: GetSysColor.USER32(00000004), ref: 00411ED9
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000D), ref: 00411EE0
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411EE7
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411EEE
          • Part of subcall function 00411E60: GetSysColor.USER32(00000011), ref: 00411EF5
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411EFC
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411F03
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411F0A
          • Part of subcall function 00411E60: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
          • Part of subcall function 00411E60: CreateFontIndirectA.GDI32(?), ref: 00411F57
        • CreatePopupMenu.USER32 ref: 0040893E
        • #1644.MFC42(00000000), ref: 00408949
        • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 00408965
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00408975
        • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00408988
        • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 0040899B
        • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 004089AE
        • GetMessagePos.USER32 ref: 004089B0
          • Part of subcall function 004129D0: #1146.MFC42(?,000000F1,?,769A3E40), ref: 004129FE
          • Part of subcall function 00412BB0: GetMenuItemCount.USER32(?), ref: 00412BE3
          • Part of subcall function 00412BB0: GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
          • Part of subcall function 00412BB0: GetSubMenu.USER32(?,-00000001), ref: 00412C15
          • Part of subcall function 00412BB0: #2863.MFC42(00000000,?,?,?,769A3E40), ref: 00412C1C
          • Part of subcall function 00412BB0: #540.MFC42(00000000,?,?,?,769A3E40), ref: 00412C40
          • Part of subcall function 00412BB0: GetMenuStringA.USER32 ref: 00412C61
          • Part of subcall function 00412BB0: #2919.MFC42(00000002), ref: 00412C70
          • Part of subcall function 00412BB0: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
          • Part of subcall function 00412BB0: #5572.MFC42(000000FF), ref: 00412C89
          • Part of subcall function 00412F20: GetMenuItemCount.USER32(?), ref: 00412F31
          • Part of subcall function 00412F20: #291.MFC42 ref: 00412F3D
          • Part of subcall function 00412F20: GetMenuItemID.USER32(?,-00000001), ref: 00412F65
          • Part of subcall function 00412F20: GetSubMenu.USER32(?,-00000001), ref: 00412F71
          • Part of subcall function 00412F20: #2863.MFC42(00000000), ref: 00412F78
        • #6270.MFC42(00000002,769A3E40,?,?,00000000,?,?,?,00000081), ref: 004089F5
        • #2438.MFC42(00000002,769A3E40,?,?,00000000,?,?,?,00000081), ref: 004089FE
          • Part of subcall function 00411FB0: #825.MFC42(?,?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?), ref: 00411FFB
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041200F
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041201C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 0041202C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 00412036
          • Part of subcall function 00411FB0: #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412040
          • Part of subcall function 00411FB0: #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 0041204D
          • Part of subcall function 00411FB0: #2438.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412062
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
        • String ID: &Annulla$&Copia$&Incolla$&Taglia
        • API String ID: 1545793310-1349790597
        • Opcode ID: 5ec9f6c7544c3081f12a7bd6ff77bf89187ec2610baa2cee98abc0811b0f6dfc
        • Instruction ID: 043b1e9b273fcc1ac97f1f7bc20ceb14be864e242e7ea733c33d660d4d9379a0
        • Opcode Fuzzy Hash: 5ec9f6c7544c3081f12a7bd6ff77bf89187ec2610baa2cee98abc0811b0f6dfc
        • Instruction Fuzzy Hash: 33218271244340BBD210EB55CC42FDFB7A8EB88B10F208D1EB661671D0CBB8A444CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411E99
          • Part of subcall function 00411E60: #384.MFC42 ref: 00411EA9
          • Part of subcall function 00411E60: GetSysColor.USER32(00000007), ref: 00411EC4
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000E), ref: 00411ECB
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411ED2
          • Part of subcall function 00411E60: GetSysColor.USER32(00000004), ref: 00411ED9
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000D), ref: 00411EE0
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411EE7
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411EEE
          • Part of subcall function 00411E60: GetSysColor.USER32(00000011), ref: 00411EF5
          • Part of subcall function 00411E60: GetSysColor.USER32(0000000F), ref: 00411EFC
          • Part of subcall function 00411E60: GetSysColor.USER32(00000014), ref: 00411F03
          • Part of subcall function 00411E60: GetSysColor.USER32(00000010), ref: 00411F0A
          • Part of subcall function 00411E60: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
          • Part of subcall function 00411E60: CreateFontIndirectA.GDI32(?), ref: 00411F57
        • CreatePopupMenu.USER32 ref: 004077DE
        • #1644.MFC42(00000000), ref: 004077E9
        • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 00407805
        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00407815
        • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00407828
        • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 0040783B
        • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 0040784E
        • GetMessagePos.USER32 ref: 00407850
          • Part of subcall function 004129D0: #1146.MFC42(?,000000F1,?,769A3E40), ref: 004129FE
          • Part of subcall function 00412BB0: GetMenuItemCount.USER32(?), ref: 00412BE3
          • Part of subcall function 00412BB0: GetMenuItemID.USER32(?,-00000001), ref: 00412BFB
          • Part of subcall function 00412BB0: GetSubMenu.USER32(?,-00000001), ref: 00412C15
          • Part of subcall function 00412BB0: #2863.MFC42(00000000,?,?,?,769A3E40), ref: 00412C1C
          • Part of subcall function 00412BB0: #540.MFC42(00000000,?,?,?,769A3E40), ref: 00412C40
          • Part of subcall function 00412BB0: GetMenuStringA.USER32 ref: 00412C61
          • Part of subcall function 00412BB0: #2919.MFC42(00000002), ref: 00412C70
          • Part of subcall function 00412BB0: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412C81
          • Part of subcall function 00412BB0: #5572.MFC42(000000FF), ref: 00412C89
          • Part of subcall function 00412F20: GetMenuItemCount.USER32(?), ref: 00412F31
          • Part of subcall function 00412F20: #291.MFC42 ref: 00412F3D
          • Part of subcall function 00412F20: GetMenuItemID.USER32(?,-00000001), ref: 00412F65
          • Part of subcall function 00412F20: GetSubMenu.USER32(?,-00000001), ref: 00412F71
          • Part of subcall function 00412F20: #2863.MFC42(00000000), ref: 00412F78
        • #6270.MFC42(00000002,769A3E40,?,?,00000000,?,?,?,00000081), ref: 00407895
        • #2438.MFC42(00000002,769A3E40,?,?,00000000,?,?,?,00000081), ref: 0040789E
          • Part of subcall function 00411FB0: #825.MFC42(?,?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?), ref: 00411FFB
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041200F
          • Part of subcall function 00411FB0: GlobalFree.KERNEL32(?), ref: 0041201C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 0041202C
          • Part of subcall function 00411FB0: DeleteObject.GDI32(?), ref: 00412036
          • Part of subcall function 00411FB0: #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412040
          • Part of subcall function 00411FB0: #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 0041204D
          • Part of subcall function 00411FB0: #2438.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412062
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
        • String ID: &Annulla$&Copia$&Incolla$&Taglia
        • API String ID: 1545793310-1349790597
        • Opcode ID: 83a35bd5f2bf3126c7fbcb622448bf440223788d703dc3268ea508fb2ea73ac9
        • Instruction ID: d0182e2003be76b948f0e8cbd0089100785693cea0c103307651707d329406c4
        • Opcode Fuzzy Hash: 83a35bd5f2bf3126c7fbcb622448bf440223788d703dc3268ea508fb2ea73ac9
        • Instruction Fuzzy Hash: 06218271644340BBD210EB15CC42FDFB7A8EB88B10F208D1EB661671D0CBB8A444CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,408982D5,?,?,?,?,00000000,000000FF,00000000), ref: 10004AE6
        • EnterCriticalSection.KERNEL32(?,408982D5,?,?,?,?,00000000,000000FF,00000000), ref: 10004B0D
        • SetLastError.KERNEL32(0000139F,?,?,00000000,000000FF), ref: 10004B21
        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,000000FF), ref: 10004B28
        • ??_V@YAXPAX@Z.MSVCR100 ref: 10004B2F
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: 5fe8bdd41a10f96eed0c08b81a8c651ccd934f21ec4c15eef027c2ec4447b3e6
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: 8C519AB6A047059FE310DFA8D885B5ABBF4FB48751F00862AE90AC3B51DB35E810CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6215CaptureMessageRelease$#2864ClientPostScreen$#5290FocusFromPointSendWindow
        • String ID:
        • API String ID: 3881921562-0
        • Opcode ID: 6cee499fa40594b597a01b46b7dc831a577221051b9d33a76c49a61822d96e0e
        • Instruction ID: 432075c00c82a46ec2eec180b4bcdd32e0173e9ddcaef392197e9de0b335b728
        • Opcode Fuzzy Hash: 6cee499fa40594b597a01b46b7dc831a577221051b9d33a76c49a61822d96e0e
        • Instruction Fuzzy Hash: 33517F766147029FD314DF28D884AABB7E4EF88310F14C93EF66687790C678E844CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#3874#540#800#858#860MessageSendWindow
        • String ID:
        • API String ID: 1997798510-0
        • Opcode ID: 434cc625a9e94f3d8e973cdc58c00d50eb33104d3bac2fe5f741bfebfb99dd83
        • Instruction ID: 2a7d54997ec92ff64589da6accb1ad6ddd915dd244c8e0d4ace4bd6d1b48d11a
        • Opcode Fuzzy Hash: 434cc625a9e94f3d8e973cdc58c00d50eb33104d3bac2fe5f741bfebfb99dd83
        • Instruction Fuzzy Hash: AA419F756087019FC724DF65C890AABB7E8BF89714F058A2EF496973C0DB38E809CB55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403184
        • #823.MFC42 ref: 00403198
        • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 004031B4
        • qsort.MSVCRT ref: 004031C8
        • #540.MFC42 ref: 004031E4
        • #3803.MFC42 ref: 004031FA
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040320E
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 00403223
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403238
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 0040324C
        • #800.MFC42 ref: 0040325A
        • #3092.MFC42(00000001), ref: 00403279
        • #4123.MFC42(00000001), ref: 00403280
        • #3092.MFC42(00000001,00000001,00000001), ref: 0040328F
        • #2642.MFC42(00000001,00000001,00000001), ref: 00403296
        • #825.MFC42(00000000), ref: 004032A7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
        • String ID:
        • API String ID: 203305839-0
        • Opcode ID: bfcb2955e9eeca1c0ef4bedf158bcf6c3cbe087d369cd8ab1f9a27c86320d5d6
        • Instruction ID: 4a5e7915ececa285c77ff163f98c61616efa47339a82104610a8193d14ddfe2e
        • Opcode Fuzzy Hash: bfcb2955e9eeca1c0ef4bedf158bcf6c3cbe087d369cd8ab1f9a27c86320d5d6
        • Instruction Fuzzy Hash: E631B5B0240705BBE610EF65DC81FABB39CFF94718F00092EF655A72C1EA78A9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403304
        • #823.MFC42 ref: 00403318
        • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 00403334
        • qsort.MSVCRT ref: 00403348
        • #540.MFC42 ref: 00403364
        • #3803.MFC42 ref: 0040337D
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00403391
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004033A6
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 004033BB
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004033CF
        • #800.MFC42 ref: 004033DD
        • #3092.MFC42(00000001), ref: 004033FC
        • #4123.MFC42(00000001), ref: 00403403
        • #3092.MFC42(00000001,00000001,00000001), ref: 00403412
        • #2642.MFC42(00000001,00000001,00000001), ref: 00403419
        • #825.MFC42(00000000), ref: 0040342A
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
        • String ID:
        • API String ID: 203305839-0
        • Opcode ID: 5312972f923e5bf863ac23c3bd0b68f943901f9f5942beeb42dce5626d38e23d
        • Instruction ID: 9321509ac705905c2932cd221e2d6c618522df728e2f0b63cb48e87360bed5c7
        • Opcode Fuzzy Hash: 5312972f923e5bf863ac23c3bd0b68f943901f9f5942beeb42dce5626d38e23d
        • Instruction Fuzzy Hash: EA31B7B02407057BE610EF65CC91FABB79CFFC4718F004A2DF655AB2C1DAB8A9058B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040FCE8
        • #2864.MFC42(00000000), ref: 0040FCEF
        • #5981.MFC42(00000000), ref: 0040FCFA
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
          • Part of subcall function 00401AD0: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
          • Part of subcall function 00401AD0: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
          • Part of subcall function 00401AD0: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        • #3286.MFC42(00000000,?,?,00000000), ref: 0040FD2C
        • #3293.MFC42(00000000,?,00000000,?,00000000,?,?,00000000), ref: 0040FD80
        • GetClientRect.USER32(?,00000000), ref: 0040FD8E
        • InvalidateRect.USER32(?,?,00000001,?,00000000,?,?,00000000), ref: 0040FDB7
        • InvalidateRect.USER32(?,?,00000000,00000000,00000000,?,?,00000000,?,?,00000000), ref: 0040FE04
        • ShowScrollBar.USER32(?,00000003,00000001,00000000,?,?,00000000), ref: 0040FE1E
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040FE37
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040FE48
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040FE66
        • #3293.MFC42(00000000,?,00000000), ref: 0040FE73
        • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040FE9A
        • #2379.MFC42(00000000), ref: 0040FEA7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$RectScroll$#3293EnableInvalidate$#2379#2864#3286#3998#5981#6007ClientFocusShow
        • String ID:
        • API String ID: 1735829022-0
        • Opcode ID: ac5d11673f0c16f964fcbedb52742e6f07065bbf70cf08de5e6469a27dd36065
        • Instruction ID: 0aaae5f5596d289ced406aea480840719eacc4f45737fc74579e6d0267b2a2ac
        • Opcode Fuzzy Hash: ac5d11673f0c16f964fcbedb52742e6f07065bbf70cf08de5e6469a27dd36065
        • Instruction Fuzzy Hash: A2519071300705ABD724DB25CC81FABB3E9EB88704F10493DF696A72D1DA74F9058B99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040FB18
        • #2864.MFC42(00000000), ref: 0040FB1F
        • #5981.MFC42(00000000), ref: 0040FB2A
        • GetParent.USER32(?), ref: 0040FB50
        • #2864.MFC42(00000000), ref: 0040FB57
        • SendMessageA.USER32(?,00001019,00000000,?), ref: 0040FBB7
        • SendMessageA.USER32(?,?,?,0000101A), ref: 0040FBE1
        • #3092.MFC42 ref: 0040FC08
        • SendMessageA.USER32(?,00001203,00000000,?), ref: 0040FC25
        • SendMessageA.USER32(?,00001204,00000000,?), ref: 0040FC4E
        • GetWindowRect.USER32(?,?), ref: 0040FC7F
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 0040FCBA
        • GetFocus.USER32 ref: 0040FCBC
        • #2864.MFC42(00000000), ref: 0040FCC3
        • #5981.MFC42(00000000), ref: 0040FCCE
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#2864$#5981Focus$#3092ParentRectWindow
        • String ID:
        • API String ID: 3834894444-0
        • Opcode ID: dd566917d49f5791739a551efdc58e5556ff864fb2975e49bacf679bf230aeb6
        • Instruction ID: 75bea8e93dd8337d625dc5d9a8711e7e0234719ca2e1de54b4ea5c160b0486a3
        • Opcode Fuzzy Hash: dd566917d49f5791739a551efdc58e5556ff864fb2975e49bacf679bf230aeb6
        • Instruction Fuzzy Hash: 8D513970204705AFD724DF21C851BABB7E9BF88704F00893EF99697680D778E8058F99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403481
        • #3092.MFC42(00000000,?,?,?,?,?,00415B68,000000FF), ref: 0040348F
        • #4123.MFC42(00000000,?,?,?,?,?,00415B68,000000FF), ref: 00403496
        • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B68,000000FF), ref: 004034A5
        • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B68,000000FF), ref: 004034AC
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004034C1
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004034DD
        • #540.MFC42(?,?,?,?,?,?,00415B68,000000FF), ref: 004034ED
        • #3803.MFC42(00000000,?,?,?,?,?,?,?,00415B68,000000FF), ref: 00403506
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040351A
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 0040352D
        • SendMessageA.USER32(?,00000181,00000001,?), ref: 00403542
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403554
        • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 00403565
        • #800.MFC42(?,?,?,?,?,?,00415B68,000000FF), ref: 0040357A
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800
        • String ID:
        • API String ID: 4043816869-0
        • Opcode ID: 2e03029367892f3c060db6a1b496afd3c26b0c1247bcb1865961dce40f97b523
        • Instruction ID: bc9bc101665e2bb95601ba4170fac8283b13dbb938950162e68986635580def5
        • Opcode Fuzzy Hash: 2e03029367892f3c060db6a1b496afd3c26b0c1247bcb1865961dce40f97b523
        • Instruction Fuzzy Hash: 1F31A7713407407BE620DB768C96F9BB2DDFBC4B14F500A1DF655AB2C0DA78E9058758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #384.MFC42 ref: 00411E99
        • #384.MFC42 ref: 00411EA9
        • GetSysColor.USER32(00000007), ref: 00411EC4
        • GetSysColor.USER32(0000000E), ref: 00411ECB
        • GetSysColor.USER32(0000000F), ref: 00411ED2
        • GetSysColor.USER32(00000004), ref: 00411ED9
        • GetSysColor.USER32(0000000D), ref: 00411EE0
        • GetSysColor.USER32(00000014), ref: 00411EE7
        • GetSysColor.USER32(00000010), ref: 00411EEE
        • GetSysColor.USER32(00000011), ref: 00411EF5
        • GetSysColor.USER32(0000000F), ref: 00411EFC
        • GetSysColor.USER32(00000014), ref: 00411F03
        • GetSysColor.USER32(00000010), ref: 00411F0A
        • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 00411F49
        • CreateFontIndirectA.GDI32(?), ref: 00411F57
          • Part of subcall function 00412980: DeleteObject.GDI32(?), ref: 0041298E
          • Part of subcall function 00412980: GetObjectA.GDI32(?,0000003C,?), ref: 004129A6
          • Part of subcall function 00412980: CreateFontIndirectA.GDI32(?), ref: 004129B9
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Color$#384CreateFontIndirectObject$DeleteInfoParametersSystem
        • String ID:
        • API String ID: 3440023120-0
        • Opcode ID: b35c077c83df1825cd7ba92365bd9f7b4374c2491f0b605509a5598b85fff4e3
        • Instruction ID: 6ac4497f5d40e9b1e3c8c21e6150fa3d562da67572652c3ca37e52926b3b37a4
        • Opcode Fuzzy Hash: b35c077c83df1825cd7ba92365bd9f7b4374c2491f0b605509a5598b85fff4e3
        • Instruction Fuzzy Hash: AD31F8B1944B849FD730AF76C945B97BBE4FB84704F004D2EE28A8BA80D7B9A444CF51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetParent.USER32(?), ref: 004065D0
        • #2864.MFC42(00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 004065D7
        • WindowFromPoint.USER32(?,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 004065F9
        • #2864.MFC42(00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406600
        • IsChild.USER32(?,?), ref: 00406613
        • #5290.MFC42(?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406651
        • #5981.MFC42(00000000,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406692
        • #5981.MFC42 ref: 004066AA
        • GetKeyState.USER32(00000010), ref: 004066BB
          • Part of subcall function 00407110: GetParent.USER32(?), ref: 0040711B
          • Part of subcall function 00407110: #2864.MFC42(00000000), ref: 00407122
          • Part of subcall function 00407110: SendMessageA.USER32(?,00000403,00000001,?), ref: 00407157
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864$#5981Parent$#5290ChildFromMessagePointSendStateWindow
        • String ID:
        • API String ID: 3514343147-0
        • Opcode ID: ee3cb37d34509a9d35771c76da26bd044ec8fe4641df2870e28deacd92bdc458
        • Instruction ID: 8275b49472e782245c680e1a3d1ecb718942acc66207dccd9aac981c6a9afee2
        • Opcode Fuzzy Hash: ee3cb37d34509a9d35771c76da26bd044ec8fe4641df2870e28deacd92bdc458
        • Instruction Fuzzy Hash: 2F5106706002059BCB24AF25C891BBB7799AF95308F11493FF457A73C1CB3DAC628B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4720.MFC42 ref: 00413825
          • Part of subcall function 0040FA00: #823.MFC42(00000014,?,?,?,004169EB,000000FF), ref: 0040FA2B
          • Part of subcall function 00402210: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040222E
          • Part of subcall function 00402210: GlobalAlloc.KERNEL32(00000040,00000030,00000000,0040217B,?,?,?,?,?,?,?,?), ref: 0040223A
          • Part of subcall function 004025A0: #825.MFC42(?), ref: 004025B6
          • Part of subcall function 004025A0: #823.MFC42(00000000), ref: 004025CF
          • Part of subcall function 00402610: #540.MFC42 ref: 00402631
          • Part of subcall function 00402610: #540.MFC42 ref: 00402640
          • Part of subcall function 00402610: #540.MFC42 ref: 0040264E
          • Part of subcall function 00402610: #2818.MFC42(?,GfxLists\%s,?), ref: 00402667
          • Part of subcall function 00402610: #1168.MFC42 ref: 0040266F
          • Part of subcall function 00402610: #3521.MFC42(?,NumDef,00000000), ref: 00402684
          • Part of subcall function 00402610: #800.MFC42 ref: 00402698
          • Part of subcall function 00402610: #800.MFC42 ref: 004026A6
          • Part of subcall function 00402610: #800.MFC42 ref: 004026B7
          • Part of subcall function 0040C7F0: #3797.MFC42(?,00409A2B), ref: 0040C7F3
          • Part of subcall function 0040C7F0: GetDlgItem.USER32(?,00000000), ref: 0040C806
          • Part of subcall function 0040C7F0: #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
          • Part of subcall function 0040C7F0: #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
          • Part of subcall function 0040C7F0: #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
          • Part of subcall function 0040C630: #6197.MFC42(00000000,00000000,00000000,00000000,00000000,?), ref: 0040C676
        • #6197.MFC42(00000000,00000000,00000000,00000000,00000000,00000020,00000008,The Combox,00000000,00000000,00000078,00000022,000000FF,00000000,00000006,00000000), ref: 00413988
        • SendMessageA.USER32(?,0000102F,000000C8,00000000), ref: 004139A7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#800$#6197#823AllocGlobal$#1168#2818#3521#3797#4284#4720#6215#6242#825ItemMessageSend
        • String ID: Colonna 0$Colonna 1$Colonna 2$Colonna 3$Image 1$Image 2$Image 3$The Combox$TheMainList
        • API String ID: 3093119053-3160562909
        • Opcode ID: 0d7e116d976a3ceaf95b9c42c612b9dedfac963abb67f16340a114a0ac8830bb
        • Instruction ID: be173d671467a1c0d92aaa73b0419ca8199545a579c13aa196bd0f9282e95cc1
        • Opcode Fuzzy Hash: 0d7e116d976a3ceaf95b9c42c612b9dedfac963abb67f16340a114a0ac8830bb
        • Instruction Fuzzy Hash: 8B41E9303C471176F53966624C5BF9D55015BA4F29FB0472EBB253E2C2CEED3A95428C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040469D
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004046B8
        • #3092.MFC42(000003F8), ref: 004046C5
        • #4123.MFC42(000003F8), ref: 004046CC
        • #6334.MFC42(00000001,000003F8), ref: 004046DD
        • #825.MFC42(?,00000001,000003F8), ref: 00404742
        • #823.MFC42(?,00000001,000003F8), ref: 00404755
        • #825.MFC42(?,00000001,000003F8), ref: 00404783
        • #823.MFC42(?,00000001,000003F8), ref: 00404796
        • lstrcpyA.KERNEL32(?,?), ref: 004047BA
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004047CF
        • SendMessageA.USER32(?,00000181,00000000,?), ref: 004047E5
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004047FB
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 0040480C
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#823#825$#3092#4123#6334lstrcpy
        • String ID:
        • API String ID: 2566407596-0
        • Opcode ID: 35b2f37e661f9f33f4aba666b0f8098ea2d1628576246a4dcfc551fb5f6d6a48
        • Instruction ID: 07b6ad3bbb86671c435e470879c1264a668ce6557a5b45f154f05534b8e4845d
        • Opcode Fuzzy Hash: 35b2f37e661f9f33f4aba666b0f8098ea2d1628576246a4dcfc551fb5f6d6a48
        • Instruction Fuzzy Hash: E841D1B47007016BD220DB34CC91FA7B3E9AB85304F148A2DE65A9B381DA35FC45C758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
        • InternetCloseHandle.WININET(00000000), ref: 10006861
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
        • InternetCloseHandle.WININET(00000000), ref: 10006929
        • InternetCloseHandle.WININET(00000000), ref: 1000692C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
        • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
        • API String ID: 3920785804-909499719
        • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
        • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
        • String ID: A
        • API String ID: 801014965-390959529
        • Opcode ID: 802509e6c35e8fc3480a6de3a9dd9f2c90ed713621ed25efa6cae7e4e4afb914
        • Instruction ID: 6fc03e221425299f9bff35cc58ee5bdd20ec16252789afcb9b9207824440d97e
        • Opcode Fuzzy Hash: 802509e6c35e8fc3480a6de3a9dd9f2c90ed713621ed25efa6cae7e4e4afb914
        • Instruction Fuzzy Hash: 4E41DEB4810708EFDB209FA1DC85AEA7BB8FB49320F20452FF85197391C7784881CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004035D1
        • #3092.MFC42(00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035DF
        • #4123.MFC42(00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035E6
        • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035F5
        • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,00415B88,000000FF), ref: 004035FC
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403611
        • #540.MFC42(?,?,?,?,?,?,00415B88,000000FF), ref: 00403622
        • #3803.MFC42(00000000,?,?,?,?,?,?,?,00415B88,000000FF), ref: 0040363B
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040364F
        • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 00403662
        • SendMessageA.USER32(?,00000181,-00000001,?), ref: 00403677
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403689
        • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 0040369A
        • #800.MFC42(?,?,?,?,?,?,00415B88,000000FF), ref: 004036AF
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092$#2642#3803#4123#540#800
        • String ID:
        • API String ID: 4043816869-0
        • Opcode ID: 62b9a37fe99eb9a5674a476eb871025e975c381c1dd4185e6368c3b5510919cb
        • Instruction ID: 696ec18e5fbdbcec3eec23283961f1a372e716ba85b5b625bcc778a32171051b
        • Opcode Fuzzy Hash: 62b9a37fe99eb9a5674a476eb871025e975c381c1dd4185e6368c3b5510919cb
        • Instruction Fuzzy Hash: C231A7713407407BE624DB768C96FDBB7EDFBC5B14F400A1DB2559B2C0DA78A9018758
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Rect$#2864Parent$Invalidate$#2379#825CaptureEmptyReleaseUpdateWindow
        • String ID:
        • API String ID: 3105689944-0
        • Opcode ID: 36c1a64f0ec529c8e851d6d6a11afc657c7e538cb3bd9242fdc31f33c894f5ad
        • Instruction ID: 3eadf062b2506d23d9dddd76cc83797dd411d37536ad3682693906632b38f7fb
        • Opcode Fuzzy Hash: 36c1a64f0ec529c8e851d6d6a11afc657c7e538cb3bd9242fdc31f33c894f5ad
        • Instruction Fuzzy Hash: 34313A75200B049FD720DB26DC84FA7B7A9FB89704F14892EE58297780CB78F8419B28
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #470.MFC42 ref: 00407E02
        • SendMessageA.USER32 ref: 00407E1C
        • #2860.MFC42(00000000), ref: 00407E23
        • #5788.MFC42(00000000,00000000), ref: 00407E2D
        • GetClientRect.USER32(?,?), ref: 00407E3D
        • GetSysColor.USER32(00000005), ref: 00407E45
        • #2754.MFC42(00000000,00000000), ref: 00407E55
        • #5875.MFC42(00000001,00000000,00000000), ref: 00407E60
        • #540.MFC42(00000001,00000000,00000000), ref: 00407E6B
        • #3874.MFC42(?,00000001,00000000,00000000), ref: 00407E7C
        • #5875.MFC42(00000000), ref: 00407E9E
        • #5788.MFC42(00000000,00000000), ref: 00407EA8
        • #800.MFC42(00000000,00000000), ref: 00407EB6
        • #755.MFC42(00000000,00000000), ref: 00407EC7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #5788#5875$#2754#2860#3874#470#540#755#800ClientColorMessageRectSend
        • String ID:
        • API String ID: 883975206-0
        • Opcode ID: 6ce2c4b8bcafbecd102fa9f051a8bff160cd9f9c6567dcf0006c4ccf72847f9a
        • Instruction ID: 0881c0a840ad79570d244407091d4c054fec20e15dfb31a946ba789e19f53efb
        • Opcode Fuzzy Hash: 6ce2c4b8bcafbecd102fa9f051a8bff160cd9f9c6567dcf0006c4ccf72847f9a
        • Instruction Fuzzy Hash: BA217C32108B40AFC214EB61CC46FDBB3E8FB88714F104A1DB5A6932D1DB78A944CF56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessageSend
        • String ID:
        • API String ID: 389268762-0
        • Opcode ID: 3d834bd4d29e1cd80c3a7c7741d6b3a9530be08921314695cd817af25bc1d272
        • Instruction ID: 416cdc28b12b9400e015c67e8154715332b7d1fbd44f9ac8e21404b34fb08969
        • Opcode Fuzzy Hash: 3d834bd4d29e1cd80c3a7c7741d6b3a9530be08921314695cd817af25bc1d272
        • Instruction Fuzzy Hash: 93118FB2A00704EFC714BBB29D48CAB77A8EFCC3147048A6EF58587241DA78D8428F65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#2379MessagePost
        • String ID:
        • API String ID: 3939144538-0
        • Opcode ID: 0138f4c474f69832da159f243471fd52f2ec0f1a5aedc09605e52a9044fa2a86
        • Instruction ID: a6aac47cd38d46e145c0ee9467843a5d1996aec9897bc41982146c21bbe41a2c
        • Opcode Fuzzy Hash: 0138f4c474f69832da159f243471fd52f2ec0f1a5aedc09605e52a9044fa2a86
        • Instruction Fuzzy Hash: 83012EB6900704ABC620BBB69C45CAB77E8FBCC3147018E6EF45587241DA78E8428F65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040D783
        • #540.MFC42 ref: 0040D792
        • #3089.MFC42 ref: 0040D7CE
          • Part of subcall function 00410000: SendMessageA.USER32 ref: 00410046
          • Part of subcall function 00410000: #6907.MFC42(00000000,?,000000FF,00000000), ref: 00410059
          • Part of subcall function 00410000: SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 0041006D
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040D7E8
        • #3286.MFC42(00000000,?), ref: 0040D80A
        • #860.MFC42(?,00000000,?), ref: 0040D81B
        • SendMessageA.USER32(?,0000100C,00000000,00000002), ref: 0040D86D
        • #5981.MFC42 ref: 0040D87F
        • #540.MFC42 ref: 0040D8AD
        • #3089.MFC42 ref: 0040D8EE
        • #3286.MFC42(?,?), ref: 0040D917
        • #860.MFC42(?,?,?), ref: 0040D928
        • #800.MFC42(?,?,?,?,?,?,?), ref: 0040D981
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3089#3286#540#860$#5981#6907#800
        • String ID:
        • API String ID: 521315000-0
        • Opcode ID: 36e42d9ec16e0244ef896ccb25f52fbe562af923f68b5eb9355b1970a237a859
        • Instruction ID: 2fcfc281c1d0749d2d93b7404d812e7da1b225060a511b39ac9aa07039c5cfc2
        • Opcode Fuzzy Hash: 36e42d9ec16e0244ef896ccb25f52fbe562af923f68b5eb9355b1970a237a859
        • Instruction Fuzzy Hash: 99617FB06087409FC714EF56C880A6BBBE5FBC8B14F104A1EF5A597381CB78D845CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407BEA
        • #540.MFC42(?,?,?,?,00416108,000000FF), ref: 00407BFA
        • #3803.MFC42(00000000,?,?,?,?,?,00416108,000000FF), ref: 00407C0F
        • #4171.MFC42(00000000,?,?,?,?,?,00416108,000000FF), ref: 00407C18
        • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407C2B
        • #6311.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C31
        • #800.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C42
        • #4171.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C73
        • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407C89
        • #6311.MFC42(?,?,?,?,00416108,000000FF), ref: 00407C91
        • #5981.MFC42(?,?,?,?,00416108,000000FF), ref: 00407BBA
          • Part of subcall function 00406560: GetClientRect.USER32(?,?), ref: 0040656F
          • Part of subcall function 00406560: InvalidateRect.USER32(?,?,00000001,?,?,00000000,?,00000000), ref: 004065A3
        • #5981.MFC42(?,?,?,?,00416108,000000FF), ref: 00407CBE
        • #5290.MFC42(?,?,?,?,?,00416108,000000FF), ref: 00407CEE
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#4171#5981#6311Rect$#3803#5290#540#800ClientInvalidate
        • String ID:
        • API String ID: 2697405086-0
        • Opcode ID: d38927745480dd28fcc5fd732de33871e2a2355540247c6d34f80002447b2240
        • Instruction ID: 8db650e57fb87165721bc15fd4944102db13c3176becebb480abc46006a58577
        • Opcode Fuzzy Hash: d38927745480dd28fcc5fd732de33871e2a2355540247c6d34f80002447b2240
        • Instruction Fuzzy Hash: CC418C72304A009FD224DF15D891FAAB3A5FBC4B20F00492EFA52877C1CB3AE805CB59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407A7B
        • IsWindow.USER32(?), ref: 00407A95
        • #5981.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407AA6
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407ACE
        • #540.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407ADE
        • #3803.MFC42(00000000,?,?,?,?,?,?,004160E8,000000FF), ref: 00407AF3
        • #4171.MFC42(00000000,?,?,?,?,?,?,004160E8,000000FF), ref: 00407AFC
        • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00407B0F
        • #6311.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B15
        • #800.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B26
        • #4171.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B39
        • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407B4F
        • #6311.MFC42(?,?,?,?,?,004160E8,000000FF), ref: 00407B57
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#4171#6311$#2379#3803#540#5981#800Window
        • String ID:
        • API String ID: 1959545760-0
        • Opcode ID: 24cc62f3ff54a8449bfc7e62a2a3b613b5b2ed56fd2829ba58f23af0ef65f817
        • Instruction ID: cfce2d2c104eac81aaa849079783a2e54d1241d4ab6f2c7c66a6d90d17161818
        • Opcode Fuzzy Hash: 24cc62f3ff54a8449bfc7e62a2a3b613b5b2ed56fd2829ba58f23af0ef65f817
        • Instruction Fuzzy Hash: 2C319C71304711ABC320EB65DC41FABB7A9FB88714F104A6EB656972C1CB38F801CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00408366
        • GetParent.USER32(?), ref: 0040837E
        • #2864.MFC42(00000000), ref: 00408385
        • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0040839A
        • #2860.MFC42(00000000), ref: 0040839D
        • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004083B2
        • #6199.MFC42(?), ref: 004083BA
        • #5981.MFC42(?), ref: 004083C1
        • #6134.MFC42(00000000,000000FF,?), ref: 004083CC
        • GetCursorPos.USER32(?), ref: 004083DD
        • ScreenToClient.USER32(?,?), ref: 004083EC
        • PostMessageA.USER32(?,00000201,00000000,?), ref: 0040841D
        • PostMessageA.USER32(?,00000202,00000000,?), ref: 00408444
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Message$PostSend$#2379#2860#2864#5981#6134#6199ClientCursorParentScreen
        • String ID:
        • API String ID: 3385793932-0
        • Opcode ID: aae1508c2075d44cf8d3cefba015964662f9db4db6e94e09ea49040c11348bc1
        • Instruction ID: 7c5f8338a5aadf6bc6e1cc0e3de88ad0686b23dfc432d154a509f70981585774
        • Opcode Fuzzy Hash: aae1508c2075d44cf8d3cefba015964662f9db4db6e94e09ea49040c11348bc1
        • Instruction Fuzzy Hash: 3A21E571610701ABEA24E774DC55FBB77A9EFC8710F108A3EF991972C0D978E800CA58
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4710.MFC42 ref: 00414928
          • Part of subcall function 0040FA00: #823.MFC42(00000014,?,?,?,004169EB,000000FF), ref: 0040FA2B
          • Part of subcall function 00402210: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040222E
          • Part of subcall function 00402210: GlobalAlloc.KERNEL32(00000040,00000030,00000000,0040217B,?,?,?,?,?,?,?,?), ref: 0040223A
          • Part of subcall function 004025A0: #825.MFC42(?), ref: 004025B6
          • Part of subcall function 004025A0: #823.MFC42(00000000), ref: 004025CF
          • Part of subcall function 00402610: #540.MFC42 ref: 00402631
          • Part of subcall function 00402610: #540.MFC42 ref: 00402640
          • Part of subcall function 00402610: #540.MFC42 ref: 0040264E
          • Part of subcall function 00402610: #2818.MFC42(?,GfxLists\%s,?), ref: 00402667
          • Part of subcall function 00402610: #1168.MFC42 ref: 0040266F
          • Part of subcall function 00402610: #3521.MFC42(?,NumDef,00000000), ref: 00402684
          • Part of subcall function 00402610: #800.MFC42 ref: 00402698
          • Part of subcall function 00402610: #800.MFC42 ref: 004026A6
          • Part of subcall function 00402610: #800.MFC42 ref: 004026B7
          • Part of subcall function 0040C7F0: #3797.MFC42(?,00409A2B), ref: 0040C7F3
          • Part of subcall function 0040C7F0: GetDlgItem.USER32(?,00000000), ref: 0040C806
          • Part of subcall function 0040C7F0: #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
          • Part of subcall function 0040C7F0: #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
          • Part of subcall function 0040C7F0: #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
          • Part of subcall function 0040C630: #6197.MFC42(00000000,00000000,00000000,00000000,00000000,?), ref: 0040C676
        • SendMessageA.USER32(000000FF,0000102F,000000C8,00000000), ref: 00414AD6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#800$#823AllocGlobal$#1168#2818#3521#3797#4284#4710#6197#6215#6242#825ItemMessageSend
        • String ID: Colonna 0$Colonna 1$Colonna 2$Colonna 3$Image 1$Image 2$Image 3$The Combox$TheDialogList
        • API String ID: 2277402770-3319858531
        • Opcode ID: 81e860d35504bf932eed5caa138392c3d0229e3298ef1eb2b36a763aed4008cb
        • Instruction ID: 2893507d3d3627270e5bab3132627538ef3e197090d2b8e97ee9b2963e26727d
        • Opcode Fuzzy Hash: 81e860d35504bf932eed5caa138392c3d0229e3298ef1eb2b36a763aed4008cb
        • Instruction Fuzzy Hash: A1417F703C471176F6246A228C5BF9E65419B94F18F700A2EFB153E2C2CAFE7589478D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401972
        • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 0040197F
        • #540.MFC42(?,?,00000000,00000000), ref: 00401996
        • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 004019CC
        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 004019E6
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401A04
        • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000), ref: 00401A33
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000), ref: 00401A58
        • #800.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 00401A7E
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401AAA
        Strings
        • Categoria: %s (%d element%c), xrefs: 004019C6
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007$#2818#540#800
        • String ID: Categoria: %s (%d element%c)
        • API String ID: 3038386888-3571718097
        • Opcode ID: 448111b3b23547297665b8ff52bc525bc126dc56790e5e6e8279de4907e31e0d
        • Instruction ID: 87d62f801f2460637964f90c88e523243ecd0f03fd2e19ce8ac88af5e0f5324e
        • Opcode Fuzzy Hash: 448111b3b23547297665b8ff52bc525bc126dc56790e5e6e8279de4907e31e0d
        • Instruction Fuzzy Hash: 0E41A3703403056BD324DF15CC82FA7B7A5FB89B24F20462DBA59AB3C1D774E9468B98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(?,?,?,?,?,00416FC8,000000FF), ref: 00414C3E
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
        • #860.MFC42(0041E71C,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414C62
        • #860.MFC42(0041E718,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414C77
        • lstrcpynA.KERNEL32(?,?,?), ref: 00414CE8
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00416FC8,000000FF), ref: 00414D04
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #860$#540#800MessageSendlstrcpyn
        • String ID: %d, %d$col 3 - item %d
        • API String ID: 3464979670-1575453508
        • Opcode ID: 2bf4730485b5756d093b17ab02da81ca8514affbe3bfd582e300c49465aa1b3b
        • Instruction ID: 19e689d9ab30b7f8e47f8269710f3a11b3dd490aa0afa492d86d6fab2276d26e
        • Opcode Fuzzy Hash: 2bf4730485b5756d093b17ab02da81ca8514affbe3bfd582e300c49465aa1b3b
        • Instruction Fuzzy Hash: C231A6754043009BD720DB12D941BEBB7E4EBD9B14F110E1FF89653390F73DA9858A9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004044A2
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004044BB
        • #3092.MFC42(000003FA), ref: 004044C6
        • #4123.MFC42(000003FA), ref: 004044CD
        • #289.MFC42(?,000003FA), ref: 004044DF
        • #537.MFC42 ref: 004044F5
        • GetTextExtentPoint32A.GDI32(?,?,?,000003FA), ref: 0040450D
        • #800.MFC42 ref: 00404517
        • #6334.MFC42(00000001), ref: 00404520
        • #613.MFC42(00000001), ref: 0040455D
        Strings
        • AbCdEfGhIj MnOpQrStUvWxYz, xrefs: 004044E4
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#289#3092#4123#537#613#6334#800ExtentPoint32Text
        • String ID: AbCdEfGhIj MnOpQrStUvWxYz
        • API String ID: 3117280295-3477557351
        • Opcode ID: 3dcf5754866a66f289f4a14a5a8e0011251c420027a93cd97f70e65f3808359e
        • Instruction ID: 6ead9a95320f2e17585fe5a02b67da42463e539038b90bb64c08ae1ac89da54d
        • Opcode Fuzzy Hash: 3dcf5754866a66f289f4a14a5a8e0011251c420027a93cd97f70e65f3808359e
        • Instruction Fuzzy Hash: AB219F71640701ABD218EB29CC51FEAB3E9EBC8724F008A1DF55A9B2D0DB78A8458B55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 0040C699
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C6BB
        • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040C6D2
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C6E5
        • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040C703
        • #3293.MFC42(00000000,?,00000000), ref: 0040C714
        • EnableScrollBar.USER32(?,00000000,00000003), ref: 0040C73F
        • GetCursorPos.USER32(?), ref: 0040C746
        • ScreenToClient.USER32(?,?), ref: 0040C755
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?,?), ref: 0040C795
        • InvalidateRect.USER32(?,-00000001,00000001,-00000001,?,?), ref: 0040C7B7
        • InvalidateRect.USER32(?,00000001,00000001,00000001,?,?), ref: 0040C7DC
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: InvalidateRectScroll$EnableMessageSend$#2379#3293ClientCursorScreenShow
        • String ID:
        • API String ID: 2596560422-0
        • Opcode ID: e06e2fc00c76e843fc03f05a86c130b795a75290bae8b45935c027b5c34309be
        • Instruction ID: fa3d2c222b63dadede79ad366c5286aa8bc5a0bd86d1978c02626fdd7f42ae2d
        • Opcode Fuzzy Hash: e06e2fc00c76e843fc03f05a86c130b795a75290bae8b45935c027b5c34309be
        • Instruction Fuzzy Hash: D7412271244706AFD624DF64DC91FABB3E9FBC8B04F104A1DB285971C0EAB4F9068B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 00414695
        • #2864.MFC42(00000000), ref: 0041469C
        • #5981.MFC42(00000000), ref: 004146A7
        • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 004146C2
        • GetWindowRect.USER32(?,?), ref: 004146D1
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 0041470C
        • GetFocus.USER32 ref: 00414730
        • #2864.MFC42(00000000), ref: 00414737
        • #5981.MFC42(00000000), ref: 00414742
        • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 00414759
        • GetWindowRect.USER32(?,?), ref: 00414768
        • SendMessageA.USER32(?,00000047,00000000,?), ref: 004147A3
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Rect$#2864#5981FocusInvalidateMessageSendWindow
        • String ID:
        • API String ID: 17734095-0
        • Opcode ID: 8ac0a1d2beff1decac78ffe943ad60053df49a280ea632025abd9e1eed432d6f
        • Instruction ID: 03e7f711754475cf85f77b85fc3fcdbc04555e6b31efa9f765d59489b03bf76c
        • Opcode Fuzzy Hash: 8ac0a1d2beff1decac78ffe943ad60053df49a280ea632025abd9e1eed432d6f
        • Instruction Fuzzy Hash: E2313D79604301AFD724DF68D988BEBB7E4FBC9B04F14891EB49987280D774E8408B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,004161E8,000000FF,004082DC), ref: 00408751
        • #3874.MFC42 ref: 00408765
        • GetParent.USER32(?), ref: 004087B0
        • #2864.MFC42(00000000), ref: 004087B3
        • #3089.MFC42(00000000), ref: 004087C1
        • GetParent.USER32(?), ref: 00408806
        • #2864.MFC42(00000000), ref: 00408809
        • GetParent.USER32(?), ref: 00408814
        • #2864.MFC42(00000000), ref: 00408817
        • #3089.MFC42(00000000), ref: 00408820
        • SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408831
        • #800.MFC42 ref: 00408843
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#3089$#3874#540#800MessageSend
        • String ID:
        • API String ID: 3277556153-0
        • Opcode ID: 9ecc2e343a57f6c9b9bccfcb271e0fb3ed7aef3b58fc4218f23aa3b3561ccd90
        • Instruction ID: 7e9e1338364652756a18548eb393c519231e6f42391e95960905e0b5ac38a4cb
        • Opcode Fuzzy Hash: 9ecc2e343a57f6c9b9bccfcb271e0fb3ed7aef3b58fc4218f23aa3b3561ccd90
        • Instruction Fuzzy Hash: 86318DB56047419FC310DF65C995A9BBBE5FB89314F148A2EF9E983380DB38E805CB45
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 00693020
        • InterlockedExchange.KERNEL32(?,00000000), ref: 0069302C
        • timeGetTime.WINMM ref: 00693032
        • socket.WS2_32(00000002,00000001,00000006), ref: 0069305F
        • gethostbyname.WS2_32(?), ref: 00693083
        • htons.WS2_32(?), ref: 0069309C
        • connect.WS2_32(?,?,00000010), ref: 006930BA
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0069316E
        • InterlockedExchange.KERNEL32(?,00000001), ref: 00693177
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 3940796591-3203441087
        • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction ID: 7ed01f6e3ab3f8621417ea97cf07fb3a75f93c0144dcbfd83f120cb5bbd560b0
        • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction Fuzzy Hash: 7E514EB1640714ABE720DFA4CC85FAAB7F9FF48B10F108619F656A76D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 0069E558
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0069E56C
        • RegQueryValueExA.ADVAPI32(?,10012B20,00000000,00000000,00000000,?), ref: 0069E5FC
        • OutputDebugStringA.KERNEL32(10012B64), ref: 0069E62D
        • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 0069E6AD
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Value$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
        • API String ID: 2479511575-1482746000
        • Opcode ID: db1e06d7f8b1c9a70397df2513213af948fc90533697df7d74bbac6cfb54c00c
        • Instruction ID: 436ca9a42015c30370ef37c5735fd1afe5e8697b9e8eea3fd0b104f9e73009e2
        • Opcode Fuzzy Hash: db1e06d7f8b1c9a70397df2513213af948fc90533697df7d74bbac6cfb54c00c
        • Instruction Fuzzy Hash: 254182B1A40228ABEB24EB608C95FEE777AEF48701F004189F705AB181DB71EA54CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10005BBD
        • memset.MSVCR100 ref: 10005BD1
        • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 10005BEB
        • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?), ref: 10005C26
        • _mbscmp.MSVCR100 ref: 10005C39
        • lstrcpyA.KERNEL32(-000000D0,system), ref: 10005C52
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C67
        • WTSFreeMemory.WTSAPI32(?), ref: 10005C84
        • ??3@YAXPAX@Z.MSVCR100 ref: 10005C9E
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: FreeMemory$??2@??3@EnumerateInformationQuerySessionSessions_mbscmplstrcpymemset
        • String ID: system
        • API String ID: 2835183911-3377271179
        • Opcode ID: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction ID: d08ab42cfd6b18e12b5412b75c8ea3aae0022bfd40c742a0170e7af3aa65547d
        • Opcode Fuzzy Hash: f699af101790f5738c5ddc8dac3002a1ac1371813d8a80b28c00d8e342d1d40c
        • Instruction Fuzzy Hash: FF31A1B5A00219AFEB10CF90CCC8DAFBBB8FF44711F108119E915A3244D730AA51CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
        • _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@D@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID: bad cast
        • API String ID: 3682899576-3145022300
        • Opcode ID: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction ID: 9267944088e3d385a90ca68d15580f4292d556ca69c9bd6cbb330ffcc8da112e
        • Opcode Fuzzy Hash: c8eccd13d0f963235b6200b9bf0bd1cbea3280da64015d9ecab7b6537fbc04aa
        • Instruction Fuzzy Hash: D5319375900265AFEB14DF54CC98ADEB7B4FB48760F06825AE912A7390DF30ED40CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4710.MFC42 ref: 00402F0E
        • #540.MFC42(?,?,?,?,?,?,00415B10,000000FF), ref: 00402F44
        • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 00402F7D
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00402FCF
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 00402FE9
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 00402FF7
        • #540.MFC42(?,?,?,?,?,?,?,00415B10,000000FF), ref: 00403044
        • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 0040307C
        • SendMessageA.USER32(?,00000180,00000000,00000000), ref: 004030CE
        • SendMessageA.USER32(?,0000019A,00000000,?), ref: 004030E8
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415B10,000000FF), ref: 004030F6
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#540#800#860$#4710
        • String ID:
        • API String ID: 3386122782-0
        • Opcode ID: accb93b4d4534babb3c33df265153e75899ebeeddc23ea462ef3d0e6416893cf
        • Instruction ID: 0e1bbe4d6bf82e6f399bf355421bbbbf0538587b7e608849e9b5efe81bae2a50
        • Opcode Fuzzy Hash: accb93b4d4534babb3c33df265153e75899ebeeddc23ea462ef3d0e6416893cf
        • Instruction Fuzzy Hash: 0961F0742003069BC310DF25C860BA3B7E5BF99714F148A6DF8969B3D1DB39E806C798
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,10016034,?,?,?), ref: 00694C8A
        • RtlEnterCriticalSection.NTDLL(?), ref: 00694CB1
        • SetLastError.KERNEL32(0000139F), ref: 00694CC5
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00694CCC
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: 15f65537994483bd1a8b3d831e4c287618eb833af2be027a859926ebd0a485b3
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: FB518BB6A047049FD724DF68C884A6AB7F9FF48711F00862EE91AC3B50DB35E815CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 0069DBBB
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0069DBD0
        • GetLastError.KERNEL32 ref: 0069DBDC
        • ReleaseMutex.KERNEL32(00000000), ref: 0069DBEA
        • CloseHandle.KERNEL32(00000000), ref: 0069DBF1
        • GetTickCount.KERNEL32 ref: 0069DC44
        • GetTickCount.KERNEL32 ref: 0069DC5F
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0069DC9D
        • TerminateThread.KERNEL32(?,000000FF), ref: 0069DD7E
        • CloseHandle.KERNEL32(?), ref: 0069DD8C
        • CloseHandle.KERNEL32(?), ref: 0069DDAF
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
        • String ID:
        • API String ID: 583979846-0
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: 820cc0f03d19df5062c9002ed0a34317a9265b9fe8a81c612659f7f277be5c0e
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 9A518CB1508791AFDB24DF68CC84B9BB7E9FF88711F008628E54A87391C770A855CF92
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(00000064), ref: 10002D1D
        • CloseHandle.KERNEL32(?), ref: 10002D33
        • CloseHandle.KERNEL32(?), ref: 10002D3D
        • CloseHandle.KERNEL32(?), ref: 10002D47
        • WSACleanup.WS2_32 ref: 10002D49
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D63
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D7C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002D95
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DB5
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DCC
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10002DE3
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: FreeVirtual$CloseHandle$CleanupSleep
        • String ID:
        • API String ID: 21600312-0
        • Opcode ID: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction ID: e8e7963b61715e07e1f975425be793fcef977bd32e5d06e796b9a2ad35ea54e2
        • Opcode Fuzzy Hash: 62ed5b9ee8074aadba7ec67298a2d3ad02d52a7ad2a690c1c84668e729d921c9
        • Instruction Fuzzy Hash: A72107B1600B54ABE760DF6A8DC4A16F7E8FF542847924C2EF682D7A54C7B4FC448E20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,408982D5,00000000,00000000,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41), ref: 10009B90
        • ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
        • ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast), ref: 10009C09
        • _CxxThrowException.MSVCR100(?,10013774), ref: 10009C18
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,10013774), ref: 10009C28
        • std::locale::facet::_Facet_Register.LIBCPMT ref: 10009C2F
        • ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Lockit@std@@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@RegisterThrowstd::locale::facet::_
        • String ID: bad cast
        • API String ID: 3754268192-3145022300
        • Opcode ID: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction ID: 8e14b074035db8c01746d2bfa9994902538dc9c994fd8b17045a7e04c907522a
        • Opcode Fuzzy Hash: c3730225f8bf254fa40e5c618c1995c6e1bfb61344110a3a376676e76a75edff
        • Instruction Fuzzy Hash: CA31D2B6904124AFEB14CF54DD84A9EB7B8FB043B0F518259ED26A73A1DB30ED40CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42(0041E8F0), ref: 004139FF
          • Part of subcall function 0040EF50: SendMessageA.USER32 ref: 0040EF6E
        • #860.MFC42(0041E71C,?,0041E8F0), ref: 00413A20
        • #860.MFC42(0041E718,?,0041E8F0), ref: 00413A36
        Strings
        • ma perche' non funziona ? non riesco a capire, porcaccia miseria %d, xrefs: 00413A7D
        • %d, %d, xrefs: 00413A96
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #860$MessageSend
        • String ID: %d, %d$ma perche' non funziona ? non riesco a capire, porcaccia miseria %d
        • API String ID: 272421880-2169086710
        • Opcode ID: b2bc011f5c63b3e8fde4b36ee62048f241c21c3b432790215cd8286b61180210
        • Instruction ID: 9e6ede3ad9f4941932dc250fe1f6dc5eeb94d8e47c614b05bddc7eca871c35c0
        • Opcode Fuzzy Hash: b2bc011f5c63b3e8fde4b36ee62048f241c21c3b432790215cd8286b61180210
        • Instruction Fuzzy Hash: 5601E537B04210669850F51AB802FDF5345DAE4B21F200C2BF54297282D68C5DD742FE
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(408982D5,0000002D,?,00000000,?), ref: 1000BFAD
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,408982D5,0000002D,?,00000000,?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000BFCD
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000C00A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,?,?,10007D4F,?), ref: 1000C027
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C063
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_??2@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 1881732901-0
        • Opcode ID: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction ID: 2564591a47ad9c99d460cfe4242aa2a7db49b47659ffe0b548625c32ae3f8a46
        • Opcode Fuzzy Hash: 81c7dc91019b98e5840d6c1fe4105652785039269908567708a7381e4daecea3
        • Instruction Fuzzy Hash: AA918074A00749DFEB14CF24C890A9ABBF1FF49390F04856DE8AA97746D730E954CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,?,?,1000398D,?,00000000,000000FF,00000000), ref: 10003E05
        • LeaveCriticalSection.KERNEL32(?,?,?,1000398D,?,00000000,000000FF,00000000), ref: 10003E50
        • send.WS2_32(?,000000FF,00000000,00000000), ref: 10003E6E
        • EnterCriticalSection.KERNEL32(?), ref: 10003E81
        • LeaveCriticalSection.KERNEL32(?), ref: 10003E94
        • HeapFree.KERNEL32(00000000,00000000,?,?,?,1000398D,?,00000000,000000FF,00000000), ref: 10003EBC
        • WSAGetLastError.WS2_32(?,?,1000398D,?,00000000,000000FF,00000000), ref: 10003EC7
        • EnterCriticalSection.KERNEL32(?,?,?,1000398D,?,00000000,000000FF,00000000), ref: 10003EDB
        • LeaveCriticalSection.KERNEL32(?), ref: 10003F14
        • HeapFree.KERNEL32(00000000,00000000,?), ref: 10003F51
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 2c389ec91166f8d99a0981ef4c5aaf8142e0d6f8b4aebfa5d31c0d89d255123b
        • Instruction ID: 95e7f1dcb72b6087f728085c9acbc1400d3849db0c1b3c989ec691719f25d438
        • Opcode Fuzzy Hash: 2c389ec91166f8d99a0981ef4c5aaf8142e0d6f8b4aebfa5d31c0d89d255123b
        • Instruction Fuzzy Hash: 884114B1504A419FE761CF78C8C8AA7B7F8EB49380F10896EE96ACB255D730E8418B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 00693FA9
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00693FF4
        • send.WS2_32(00693CA7,?,?,00000000), ref: 00694012
        • RtlEnterCriticalSection.NTDLL(?), ref: 00694025
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00694038
        • HeapFree.KERNEL32(00000000,00000000,?,?,00693CA7), ref: 00694060
        • WSAGetLastError.WS2_32(?,00693CA7), ref: 0069406B
        • RtlEnterCriticalSection.NTDLL(?), ref: 0069407F
        • RtlLeaveCriticalSection.NTDLL(?), ref: 006940B8
        • HeapFree.KERNEL32(00000000,00000000,?,?,00693CA7), ref: 006940F5
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction ID: 29fdf63eac73c0cc44b9618ec5daa6930d0e2072b3d0ffb91584abf905b55c5c
        • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction Fuzzy Hash: 454106B15047109FDB60CF78C8C8AA7B7FABB59300F14896DE96ACB751DB31E9428B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 100036A0: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
          • Part of subcall function 100036A0: free.MSVCR100(?), ref: 100036DC
          • Part of subcall function 100036A0: malloc.MSVCR100 ref: 10003718
          • Part of subcall function 100036A0: memset.MSVCR100 ref: 10003727
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035A5
        • InterlockedIncrement.KERNEL32(10016A3C), ref: 100035B3
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100035DA
        • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 100035F3
        • _beginthreadex.MSVCR100 ref: 10003615
        • ResetEvent.KERNEL32(?,?,?,10016A3C), ref: 1000362E
        • SetLastError.KERNEL32(00000000), ref: 10003661
        • GetLastError.KERNEL32 ref: 10003679
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • SetLastError.KERNEL32(00000000), ref: 10003689
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_beginthreadexclosesocketfreemallocmemsetsendshutdown
        • String ID:
        • API String ID: 2811472597-0
        • Opcode ID: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction ID: 528c5fe63bee85bd579387a06ccf710ef0ae3c773235a27bcf9d154c9c99c380
        • Opcode Fuzzy Hash: 4bf5c2cee0a1360ca3e334e4d64faabe410261ff281ac3a557d400c66b9aae46
        • Instruction Fuzzy Hash: C3415BB1600704AFE360DF69CC80B5BB7E8FB48751F50892EEA46D7690DBB1F9548B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D,00000000,000000FF,00000000,000000FF,00000000), ref: 10004D63
        • EnterCriticalSection.KERNEL32(000002FF,00000000,000000FF,00000000,000000FF,00000000), ref: 10004D78
        • WSASetLastError.WS2_32(00002746), ref: 10004D8A
        • LeaveCriticalSection.KERNEL32(000002FF), ref: 10004D91
        • timeGetTime.WINMM ref: 10004DBF
        • timeGetTime.WINMM ref: 10004DE7
        • SetEvent.KERNEL32(?), ref: 10004E25
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10004E31
        • LeaveCriticalSection.KERNEL32(000002FF), ref: 10004E38
        • LeaveCriticalSection.KERNEL32(000002FF), ref: 10004E4B
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: dd5d7311db4ce109a031af4aa1e8b606f77a1a0a1ac77fb5a6b13c7455691318
        • Instruction ID: ec2b79fedc414f9553798197052756955a32ae4d36ffb583ee8fc20c2801b713
        • Opcode Fuzzy Hash: dd5d7311db4ce109a031af4aa1e8b606f77a1a0a1ac77fb5a6b13c7455691318
        • Instruction Fuzzy Hash: 3C4118B1600341DFE320DF68C888A5AB7F9FF89794F02855AE44AC7755EB35EC518B44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D,00000000,?), ref: 00694F07
        • RtlEnterCriticalSection.NTDLL(?), ref: 00694F1C
        • WSASetLastError.WS2_32(00002746), ref: 00694F2E
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00694F35
        • timeGetTime.WINMM ref: 00694F63
        • timeGetTime.WINMM ref: 00694F8B
        • SetEvent.KERNEL32(?), ref: 00694FC9
        • InterlockedExchange.KERNEL32(?,00000001), ref: 00694FD5
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00694FDC
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00694FEF
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: ca2a519c553e6a7518472017456cd66bb4df54691037a71220f5ab183e518e5f
        • Instruction ID: 44fddb7b738f4d868e0ff673476d9f074141861047bd962c6e74ef125d1a584d
        • Opcode Fuzzy Hash: ca2a519c553e6a7518472017456cd66bb4df54691037a71220f5ab183e518e5f
        • Instruction Fuzzy Hash: AD41A2716043019FDB20DF68C888EAAB7FAFF98311F148659E48AC7B51DB35E856CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 1000375F
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10003798
        • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100037B5
        • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100037C8
        • WSACreateEvent.WS2_32 ref: 100037CA
        • gethostbyname.WS2_32(?), ref: 100037D4
        • htons.WS2_32(?), ref: 100037ED
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 1000380B
        • connect.WS2_32(?,?,00000010), ref: 10003820
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 1000382F
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 2147236057-0
        • Opcode ID: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction ID: 832f1b8ff29030e8bf453c954313f24a602478d3b057f428ca850e8eb3ef4c46
        • Opcode Fuzzy Hash: 11154d02556014bab69c29f205544ed17c0344dfe421f285351bafb9c7504958
        • Instruction Fuzzy Hash: B0312AB1A00319AFE710DFA4CC85E7FB7B8FB48760F108619F622972D0DA75EA158B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10004443
        • ResetEvent.KERNEL32(?), ref: 1000444C
        • timeGetTime.WINMM ref: 1000444E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
        • ResetEvent.KERNEL32(?), ref: 100044C8
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • ResetEvent.KERNEL32(?), ref: 100044DC
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 542259498-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • PtInRect.USER32(?,?,?), ref: 00411D72
        • ReleaseCapture.USER32 ref: 00411D80
        • #6215.MFC42(00000000), ref: 00411D8A
        • ClientToScreen.USER32(?,?), ref: 00411D98
        • WindowFromPoint.USER32(?,?), ref: 00411DA8
        • #2864.MFC42(00000000), ref: 00411DAF
        • SendMessageA.USER32(?,00000084,00000000,?), ref: 00411DE1
        • ScreenToClient.USER32(?,?), ref: 00411DF5
        • PostMessageA.USER32(?,00000200,?,?), ref: 00411E22
        • PostMessageA.USER32(?,000000A0,00000000,?), ref: 00411E51
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Message$ClientPostScreen$#2864#6215CaptureFromPointRectReleaseSendWindow
        • String ID:
        • API String ID: 2212727604-0
        • Opcode ID: 7d4373d860bd0bff0353ee0e80281f8ed34d9b8c302007103ec784144add69fa
        • Instruction ID: 65d3540d572290dc8e8e7abde01ab7ff959d86298a5a24645ee68ad796840dd3
        • Opcode Fuzzy Hash: 7d4373d860bd0bff0353ee0e80281f8ed34d9b8c302007103ec784144add69fa
        • Instruction Fuzzy Hash: 4D212CB2604702AFE314DB64DC45EBBB3A9FBC9710F148A3DF66183680DB74E8058B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 006957EA
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 0069581F
        • LoadLibraryA.KERNEL32(10012638), ref: 00695877
        • CloseHandle.KERNEL32(?), ref: 00695896
        • FreeLibrary.KERNEL32(00000000), ref: 006958A1
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$Adva$pi32
        • API String ID: 1168765234-3719434023
        • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction ID: a9094966a292ea354d318607f65070dc0ab9b7a23f552ada56b43fc04a607d2a
        • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction Fuzzy Hash: 5831A1B1A01218ABDB11DFB4DD89BEEBB79EF49700F104119FA05A7240DB70D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42(00000000,?,00000000,?,00000000,00000000,?,?,?,?,?,00000000), ref: 0040E7A1
        • #2818.MFC42 ref: 0040E7BD
        • SendMessageA.USER32(?,00001203,?,?), ref: 0040E7E6
        • #4171.MFC42 ref: 0040E802
        • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040E825
        • #6311.MFC42 ref: 0040E82B
        • #800.MFC42 ref: 0040E83C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#2818#4171#540#6311#800
        • String ID: %d_
        • API String ID: 2501914315-998424543
        • Opcode ID: e13109731b13dc81358fae85d8a0ed370a25a2acfac89c727dc0535e64b2ade5
        • Instruction ID: 30fdfb81188390aa47a7274450003a84f5298988f9682049873e1f4bd2872624
        • Opcode Fuzzy Hash: e13109731b13dc81358fae85d8a0ed370a25a2acfac89c727dc0535e64b2ade5
        • Instruction Fuzzy Hash: 5F21E875508780AFD310DF59D881E9BF7E4FBC9724F108A1EF5A983280D774A905CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: lstrlenmemset$??2@gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1496828540-2058306683
        • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
        • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #324.MFC42(00000082,?,?,?,?,?,?,?,00416F94,000000FF,00414516,00000000), ref: 0041481A
        • #384.MFC42(00000082,?), ref: 0041482C
        • #384.MFC42(00000082,?), ref: 0041483B
          • Part of subcall function 00409360: #567.MFC42 ref: 00409382
          • Part of subcall function 00409360: #540.MFC42 ref: 0040940B
          • Part of subcall function 00409360: #384.MFC42 ref: 0040943B
          • Part of subcall function 00409360: GetSysColor.USER32(00000008), ref: 00409497
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094A1
          • Part of subcall function 00409360: GetSysColor.USER32(00000005), ref: 004094AB
          • Part of subcall function 00409360: GetSysColor.USER32(0000000D), ref: 004094B5
          • Part of subcall function 00409360: GetSysColor.USER32(00000003), ref: 004094BF
          • Part of subcall function 00409360: GetSysColor.USER32(0000000F), ref: 004094C9
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 004094D9
          • Part of subcall function 00409360: #472.MFC42(00000000,00000001,00C0C0C0), ref: 004094F8
          • Part of subcall function 00409360: #823.MFC42(00000008), ref: 0040950E
        • #2097.MFC42(00000086,00000010,00000000,00FF00FF,00000082), ref: 00414878
        • #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041488D
        • #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041489D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Color$#384$#2097#823$#2243#324#472#540#567
        • String ID: TA$Times New Roman
        • API String ID: 38881361-2591298183
        • Opcode ID: a406a15864a2363815616b8ce2469ebf1a2deabd326eb26d11c3b2c0324dd914
        • Instruction ID: 2bf692fb0ee0bc1fbbb3a116274d897e30aec38213a2b893b30cc859ce00c935
        • Opcode Fuzzy Hash: a406a15864a2363815616b8ce2469ebf1a2deabd326eb26d11c3b2c0324dd914
        • Instruction Fuzzy Hash: F711B671384B41EBE311DF16C842B9AB794EB84B18F00491EF5911B3C2CBBDA5488B5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,408982D5,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,408982D5,?,76232F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
        • String ID:
        • API String ID: 2486110213-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3797.MFC42 ref: 0040C329
        • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040C34C
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C361
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C378
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C38B
        • #3293.MFC42(00000000,?,00000000), ref: 0040C3B4
        • PtInRect.USER32(?,?,?), ref: 0040C3D6
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040C3F6
        • GetClientRect.USER32(?,?), ref: 0040C44C
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3293#3797Client
        • String ID:
        • API String ID: 3796748647-0
        • Opcode ID: bb97c3f7b87146a16a2bd0954ce0c9c3d4c939cb8cc9bfd89a70c7467e3b6705
        • Instruction ID: e2a8c47e10e70cb08fe8a4a1788704d3dfadbd7f823f7166ba5f8f2836e34f88
        • Opcode Fuzzy Hash: bb97c3f7b87146a16a2bd0954ce0c9c3d4c939cb8cc9bfd89a70c7467e3b6705
        • Instruction Fuzzy Hash: C04148712043059BC314CF29DCC1F6AB7E5FBC8704F104A2EF589DB281E674E9428B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3910.MFC42(?,?,00000000,76933EB0,?,00000000,?,?,?), ref: 0040CAF8
        • GetWindowLongA.USER32(?,000000F0), ref: 0040CB13
        • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040CB3F
        • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040CB54
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CB69
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CB7E
        • #3293.MFC42(00000000,?,00000000,?,?,00000000,76933EB0,?,00000000,?,?,?), ref: 0040CBA1
        • PtInRect.USER32(?,00000000,?), ref: 0040CBB2
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CBD2
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3293#3910LongRectWindow
        • String ID:
        • API String ID: 3992863169-0
        • Opcode ID: 46616b84b279fa267487c12ad05616f5ef0713c59b269fc0d12aec00cf5bd485
        • Instruction ID: 2469fe7d0211dde195add33a7aa0be789a922c66ee08035144461f5b6f68c818
        • Opcode Fuzzy Hash: 46616b84b279fa267487c12ad05616f5ef0713c59b269fc0d12aec00cf5bd485
        • Instruction Fuzzy Hash: C6416D72344311ABD314DB29DC82F6BB7E4EB88710F54462AF694EB2C1DB74E8058B99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #537.MFC42(?), ref: 00412835
        • #1175.MFC42 ref: 00412851
        • #289.MFC42(00000000), ref: 0041286A
        • #2860.MFC42(?,?,00000000), ref: 00412880
        • #5788.MFC42(00000000,?,?,00000000), ref: 0041288A
        • GetTabbedTextExtentA.USER32(?,?,?,00000000,00000000), ref: 004128A3
        • #5788.MFC42(00000000,?,00000000), ref: 0041292F
        • #613.MFC42(00000000,?,00000000), ref: 0041293D
        • #800.MFC42(?,00000000), ref: 00412961
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #5788$#1175#2860#289#537#613#800ExtentTabbedText
        • String ID:
        • API String ID: 2367858267-0
        • Opcode ID: 7ab906c1582ff08a3d3683eb2643f85a5a498c42d6453c0faec1b927f4ebdf65
        • Instruction ID: 0d1684629ccb6b3457967a4439a5b3894e2ee7433c75f2001980a8011b125686
        • Opcode Fuzzy Hash: 7ab906c1582ff08a3d3683eb2643f85a5a498c42d6453c0faec1b927f4ebdf65
        • Instruction Fuzzy Hash: 945127B56047419FC314DF29C984BABB7E4FB88714F004A2EF5A6C7290D778E944CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsChild.USER32(?,?), ref: 0040750B
        • #2379.MFC42(?,?,00416048,000000FF), ref: 00407517
        • #540.MFC42(?,?,00416048,000000FF), ref: 00407520
        • #3874.MFC42(?,?,?,00416048,000000FF), ref: 00407534
        • #4171.MFC42(?,?,?,00416048,000000FF), ref: 0040753D
        • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407551
        • #6311.MFC42(?,?,00416048,000000FF), ref: 0040755B
        • #858.MFC42(?,?,?,00416048,000000FF), ref: 00407568
        • #800.MFC42(?,?,00416048,000000FF), ref: 0040758E
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2379#3874#4171#540#6311#800#858ChildMessageSend
        • String ID:
        • API String ID: 421972520-0
        • Opcode ID: c32a3dce1588ecb4255d905a7300fb92fe6bb3ea6ff74e786d6294ac9ec5c229
        • Instruction ID: c4d36eb5357b1e268129fe855134a09c69f5ef8fe81d0dce456d3e5d315ebacb
        • Opcode Fuzzy Hash: c32a3dce1588ecb4255d905a7300fb92fe6bb3ea6ff74e786d6294ac9ec5c229
        • Instruction Fuzzy Hash: D23149712047019BC314DF24E981BAAB3E5FB88B08F10492DF4469B6D1DB78E809CB5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #823lstrcpylstrlen
        • String ID:
        • API String ID: 44751579-0
        • Opcode ID: c831197e19e86c33db242e401afa627c7abecd44246c64530166022ba3cfb408
        • Instruction ID: 10bd4a9e0709d7c02b42896409628c88f9decdd0c53d3bc5eddff358048a5630
        • Opcode Fuzzy Hash: c831197e19e86c33db242e401afa627c7abecd44246c64530166022ba3cfb408
        • Instruction Fuzzy Hash: 10211DB29047009FD320DF39DC8492BB7E8EB89320B054A2EE49AD3790DB34E945CB65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@$free
        • String ID:
        • API String ID: 2241099983-0
        • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
        • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
        • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
        • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
        • SetLastError.KERNEL32(0000139F), ref: 10004CD9
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE9
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
        • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #324.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403A97
        • #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AA9
        • #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AC1
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AD9
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AEB
        • #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AFD
        • #860.MFC42(0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B14
        • #860.MFC42(0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B20
        • #860.MFC42(0041E8F0,0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B34
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#860$#567$#324
        • String ID:
        • API String ID: 1158441897-0
        • Opcode ID: a95bb519680eb604d2f87f4b78b479bec0c8b616c4a3ed5e9557a7423abf3768
        • Instruction ID: b11bbe5b9f5008c842b7bd9153e46446511a7b11a8cf9a04ee6a4d62c60e8a43
        • Opcode Fuzzy Hash: a95bb519680eb604d2f87f4b78b479bec0c8b616c4a3ed5e9557a7423abf3768
        • Instruction Fuzzy Hash: 12218E71644B819EC311EF2688417EBFBD5ABC5704F00491EF49617382CBBD654A8BAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memmove.MSVCR100 ref: 1000753B
        • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,408982D5), ref: 10007636
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,408982D5), ref: 10007664
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,408982D5), ref: 1000766F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
        • String ID: invalid string position$string too long
        • API String ID: 2621357903-4289949731
        • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
        • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction ID: 01a5416ad76a64336723064fc840d625202b6d5d1d61444833dd7ade9053a0ae
        • Opcode Fuzzy Hash: 137ae2f3fac65cd91178a8fd53a2ec10ec6a5155858eb28a355e23967d726218
        • Instruction Fuzzy Hash: BD3150B560030A9FDB18DF69CC9496FB7E6FF84250B158A3DE95AC3344EB30E9118A91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004036E7
        • #1200.MFC42(E' necessario inserire almeno una colonna ..,00000000,00000000), ref: 004036FA
        • #823.MFC42 ref: 00403716
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040373A
        • #825.MFC42(?), ref: 00403763
        • #4853.MFC42 ref: 0040377D
        Strings
        • E' necessario inserire almeno una colonna .., xrefs: 004036F5
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#1200#4853#823#825
        • String ID: E' necessario inserire almeno una colonna ..
        • API String ID: 2659078600-2295075096
        • Opcode ID: 4781e0968b0dcd13aeb482b9cc4d105c7bbd43574a8595e645961413ec56c0a5
        • Instruction ID: 0f66f446edcbd5c05381457d29a633b2db351b7f562a6bfb851817a616f67f4c
        • Opcode Fuzzy Hash: 4781e0968b0dcd13aeb482b9cc4d105c7bbd43574a8595e645961413ec56c0a5
        • Instruction Fuzzy Hash: 3711DCF5600304ABD710EF18EC81BA77BA8FB84711F04456DFC05AB381EB79E9058BA6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 00413D02
        • #3286.MFC42(00000000,?,?,00416E48,000000FF), ref: 00413D13
        • #540.MFC42(00000000,?,?,00416E48,000000FF), ref: 00413D1E
        • #2818.MFC42(?,Click on %d,00000000,00000000,?,?,00416E48,000000FF), ref: 00413D36
        • #1200.MFC42(?,00000000,00000000), ref: 00413D47
        • #800.MFC42 ref: 00413D58
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #1200#2818#3286#540#800MessageSend
        • String ID: Click on %d
        • API String ID: 2456865281-2511729816
        • Opcode ID: 7471b7a4a0cdeabb8f4b66725cab824301a363703fe0a4d97d2e33f68902281a
        • Instruction ID: 7b562fa9a00aa8c1639aa191ac600279ad2aa7481a4e90da7094ea3b6e504851
        • Opcode Fuzzy Hash: 7471b7a4a0cdeabb8f4b66725cab824301a363703fe0a4d97d2e33f68902281a
        • Instruction Fuzzy Hash: 57019E71544741ABD210EF25DC42F86B7E4AB98B20F104B1EB465972D1CBB89548CAAA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,408982D5,?,408982D5,10008EF2), ref: 1000A71D
          • Part of subcall function 1000A670: ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,408982D5,?,408982D5,10008EF2), ref: 1000A740
          • Part of subcall function 1000A670: ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,408982D5), ref: 1000A76E
          • Part of subcall function 1000D240: ??3@YAXPAX@Z.MSVCR100 ref: 1000D24D
          • Part of subcall function 1000D240: memmove.MSVCR100 ref: 1000D274
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009341
        • ??3@YAXPAX@Z.MSVCR100 ref: 100093AF
        • memmove.MSVCR100 ref: 100093D6
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009409
        • ??3@YAXPAX@Z.MSVCR100 ref: 100094E8
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000950C
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009541
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009565
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@$Decref@facet@locale@std@@V123@memmove$?tolower@?$ctype@D@std@@
        • String ID:
        • API String ID: 666130115-0
        • Opcode ID: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction ID: d6409eecbe246477b522489d28038a04a4d9b35d361d7e3d4c0a1cf6a561d2a1
        • Opcode Fuzzy Hash: 77237c98bc86648fce382dcdfac063238bf078d45b6604bb2e11e870cfa8c619
        • Instruction Fuzzy Hash: 1BA1BFB1D042589FEF11CFA8C884ADEBBF5EF48340F24852AE445A7245D735EA45CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF,10016034,?,?,?,?,?,10010B11,000000FF), ref: 0069ED2F
        • SetLastError.KERNEL32(00000000,?,?,?,?,?,10010B11,000000FF), ref: 0069ED3D
        • CancelWaitableTimer.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 0069ED50
        • CloseHandle.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 0069ED8D
        • RtlDeleteCriticalSection.NTDLL(?), ref: 0069EE7D
          • Part of subcall function 00694104: GetCurrentThreadId.KERNEL32 ref: 00694109
          • Part of subcall function 00694104: send.WS2_32(?,1001242C,00000010,00000000), ref: 0069416A
          • Part of subcall function 00694104: SetEvent.KERNEL32(?), ref: 0069418D
          • Part of subcall function 00694104: InterlockedExchange.KERNEL32(?,00000000), ref: 00694199
          • Part of subcall function 00694104: WSACloseEvent.WS2_32(?), ref: 006941A7
          • Part of subcall function 00694104: shutdown.WS2_32(?,00000001), ref: 006941BF
          • Part of subcall function 00694104: closesocket.WS2_32(?), ref: 006941C9
        • RtlDeleteCriticalSection.NTDLL(?), ref: 0069EE87
        • RtlDeleteCriticalSection.NTDLL(?), ref: 0069EF0E
        • CloseHandle.KERNEL32(?), ref: 0069EF4D
          • Part of subcall function 00691704: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00691725
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalDeleteSection$Close$EventHandle$CancelCurrentErrorExchangeInterlockedLastObjectSingleThreadTimerWaitWaitableclosesocketsendshutdown
        • String ID:
        • API String ID: 1398530123-0
        • Opcode ID: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction ID: 409c641bfdc58334012350463f5142ea2bd167190b92b485c1af986bc83f1c86
        • Opcode Fuzzy Hash: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction Fuzzy Hash: A6717EB1A00696ABDB14DFB8CCC8A9AF7ADFF04310F544629E528DB750CB35ED548B90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4710.MFC42 ref: 00403CCC
        • #823.MFC42(00000014), ref: 00403CD3
        • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403D3E
        • #860.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403D7D
        • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403DCF
        • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403DDF
        • #800.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415C63,000000FF), ref: 00403DF9
          • Part of subcall function 004020F0: #823.MFC42(?), ref: 0040211C
        • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 00403E35
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#823$#4710#540#800#860
        • String ID:
        • API String ID: 3628477057-0
        • Opcode ID: 85ff917d9771cb3a6253b16578ae39e37bcee1db4435756c7805e6d182fb84aa
        • Instruction ID: f4154b68333de44a4d6738775d707b59bab23b6c0a68860ccea144a1f20cd1fc
        • Opcode Fuzzy Hash: 85ff917d9771cb3a6253b16578ae39e37bcee1db4435756c7805e6d182fb84aa
        • Instruction Fuzzy Hash: 9D41DD71604702ABD314CF29C851B97BBE9BF88710F148A2EF459A73D1DB38E905CB99
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F04
        • LoadLibraryA.KERNEL32(?), ref: 10005F20
        • GetProcessHeap.KERNEL32(00000000,?,?), ref: 10005F46
        • HeapReAlloc.KERNEL32(00000000), ref: 10005F4D
        • GetProcessHeap.KERNEL32(00000000,?), ref: 10005F57
        • HeapAlloc.KERNEL32(00000000), ref: 10005F5E
        • GetProcAddress.KERNEL32(00000000,?), ref: 10005FAB
        • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005FCE
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
        • String ID:
        • API String ID: 1153753045-0
        • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction ID: 639725d520a12f96a9ac537266dd15796de30ad03c8f0809102f2ab076afd855
        • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction Fuzzy Hash: EB416D7560021B9FE710DF69C884B6AB7E8FF4839AF118179E909D7251E736EC10CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 006960A8
        • LoadLibraryA.KERNEL32(?), ref: 006960C4
        • GetProcessHeap.KERNEL32(00000000,?,?), ref: 006960EA
        • RtlReAllocateHeap.NTDLL(00000000), ref: 006960F1
        • GetProcessHeap.KERNEL32(00000000,?), ref: 006960FB
        • RtlAllocateHeap.NTDLL(00000000), ref: 00696102
        • GetProcAddress.KERNEL32(00000000,?), ref: 0069614F
        • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 00696172
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Heap$AllocateHugeProcessRead$AddressLibraryLoadProc
        • String ID:
        • API String ID: 2432896279-0
        • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction ID: 533a773a5c5762a748a9d646841f1fe8b036990bf429b41ad59340bc29159000
        • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction Fuzzy Hash: 63416E75A00316AFEB208F68CC84AAAB7BDFF08319F148169E909D7752D730ED518B90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 00693903
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 0069393C
        • WSACreateEvent.WS2_32 ref: 0069396E
        • gethostbyname.WS2_32(?), ref: 00693978
        • htons.WS2_32(?), ref: 00693991
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 006939AF
        • connect.WS2_32(?,?,00000010), ref: 006939C4
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 006939D3
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 603330298-0
        • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction ID: cb0744dff8e39277a8259929aee339141d8108088ed6c6afa0076d76380b63b2
        • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction Fuzzy Hash: 6F311DB1600319AFEB10DBA4CC85EBBB7B9FB48710F108619FA21977D0D6759A148B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040459B
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004045B4
        • #3092.MFC42(000003F9), ref: 004045BF
        • #4123.MFC42(000003F9), ref: 004045C6
        • #6334.MFC42(00000001,?,000003F9), ref: 004045D8
        • #825.MFC42(?,?,000003F9), ref: 00404630
        • #823.MFC42(?,?,000003F9), ref: 00404643
        • lstrcpyA.KERNEL32(?,?), ref: 00404667
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092#4123#6334#823#825lstrcpy
        • String ID:
        • API String ID: 591287354-0
        • Opcode ID: 9d83ee4001013159810d6786fa0c60dfd91ca5339e5491b1e8d84eee6b67ee24
        • Instruction ID: 80a17df4763ab70293e66287aa8ac1744220159da8843299787d972ab8e78dbb
        • Opcode Fuzzy Hash: 9d83ee4001013159810d6786fa0c60dfd91ca5339e5491b1e8d84eee6b67ee24
        • Instruction Fuzzy Hash: 642126B57402456FE610DB35DC91FD373D9AFC5308F144A2AEA8ADB381E63AE846C784
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F0D
        • #4129.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F37
        • _stricmp.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F40
        • #800.MFC42 ref: 00406F4E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F64
        • #800.MFC42(?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406F7E
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406FA4
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00415FF0,000000FF), ref: 00406FB5
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800$#4129#535_stricmp
        • String ID:
        • API String ID: 2166634664-0
        • Opcode ID: a2544addb05cbb343c3a36800a0f85c9739398498a95d4b94165328b8eba2de4
        • Instruction ID: d8acbc85a40bec6364da642e4d39954ebcb2075cf28dffaba8d871201deb4516
        • Opcode Fuzzy Hash: a2544addb05cbb343c3a36800a0f85c9739398498a95d4b94165328b8eba2de4
        • Instruction Fuzzy Hash: 3D3163311046418FC308DF25D450A9AF7E4BBD8328F05472EF8AA973D0DB38EA46CB56
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 10003F65
        • SetLastError.KERNEL32(0000139F,?,7622DFA0,10003688), ref: 10004054
          • Part of subcall function 10002BA0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 10002BB6
          • Part of subcall function 10002BA0: SwitchToThread.KERNEL32 ref: 10002BCA
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
        • SetEvent.KERNEL32(?), ref: 10003FE9
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
        • WSACloseEvent.WS2_32(?), ref: 10004003
        • shutdown.WS2_32(?,00000001), ref: 1000401B
        • closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 3254528666-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: 33fc8edb3bfa16432b1da941d8e6096b20875d7008fd88c2fc111e4d4adde92b
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: 392148B56007109BE321DF64C888B5BB7F9FB88791F11891CF28297690CBB9F855CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 00694109
        • SetLastError.KERNEL32(0000139F,?,100120A0,0069382C), ref: 006941F8
          • Part of subcall function 00692D44: SwitchToThread.KERNEL32 ref: 00692D6E
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 0069416A
        • SetEvent.KERNEL32(?), ref: 0069418D
        • InterlockedExchange.KERNEL32(?,00000000), ref: 00694199
        • WSACloseEvent.WS2_32(?), ref: 006941A7
        • shutdown.WS2_32(?,00000001), ref: 006941BF
        • closesocket.WS2_32(?), ref: 006941C9
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 518013673-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: cb0276e2219c011aa88787806774e3418573bdfb82b75f7bd34f9dcfc5bc432f
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: CF214BB52007109BEB349F64C888BA7B7FABB44710F14491CF69287B90DB75E856CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004074
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004087
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004090
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004099
          • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,7622DFA0,10003688), ref: 100015D0
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 100040B9
        • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,7622DFA0,10003688), ref: 100040D4
        • SetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004150
        • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004157
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
        • String ID:
        • API String ID: 2266972149-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 0040483C
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00404857
        • #3092.MFC42(000003F7), ref: 00404862
        • #4123.MFC42(000003F7), ref: 00404869
        • #6334.MFC42(00000001,000003F7), ref: 0040488A
        • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040489E
        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004048B2
        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004048C3
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092#4123#6334
        • String ID:
        • API String ID: 515758084-0
        • Opcode ID: 27b31aaaff9f665add95ec845b9ca41f1870026e38080ae08df8bffc08f5618d
        • Instruction ID: de6e141658dd753b76600b78e70d0aba036306c2008a0927bc5dedbedfe20fd0
        • Opcode Fuzzy Hash: 27b31aaaff9f665add95ec845b9ca41f1870026e38080ae08df8bffc08f5618d
        • Instruction Fuzzy Hash: 4B2183753407056BE724EA69CC81FE7B399ABC0708F10461DE645AF2D1DAB4F845C794
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #825.MFC42(?,?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?), ref: 00411FFB
        • GlobalFree.KERNEL32(?), ref: 0041200F
        • GlobalFree.KERNEL32(?), ref: 0041201C
        • DeleteObject.GDI32(?), ref: 0041202C
        • DeleteObject.GDI32(?), ref: 00412036
        • #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412040
        • #686.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 0041204D
        • #2438.MFC42(?,769A3E40,?,?,00000000,00416BB6,000000FF,004078B4,00000002,769A3E40,?,?,00000000,?,?,?), ref: 00412062
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #686DeleteFreeGlobalObject$#2438#825
        • String ID:
        • API String ID: 3662887312-0
        • Opcode ID: 5658109318eb20d28c80caa61ffefc894172925bd88b9a1b815ca946d33af6bc
        • Instruction ID: ce5e02abcbc0d965e706e58c96035ad2eb770dd755496af3e099d46372b212d0
        • Opcode Fuzzy Hash: 5658109318eb20d28c80caa61ffefc894172925bd88b9a1b815ca946d33af6bc
        • Instruction Fuzzy Hash: 04217FB52007418FD320DF1AC980B97BBE8AF98744F04491EE585C3751DBBCE885CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #289.MFC42 ref: 00410460
        • GetDeviceCaps.GDI32 ref: 00410474
        • #5791.MFC42(?,00000000), ref: 00410497
        • RealizePalette.GDI32(00000026), ref: 004104A1
        • InvalidateRect.USER32(00000026,00000000,00000001), ref: 004104B5
        • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68), ref: 004104C7
        • #2379.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68,000000FF), ref: 004104E1
        • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00416A68,000000FF), ref: 004104F4
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #613$#2379#289#5791CapsDeviceInvalidatePaletteRealizeRect
        • String ID:
        • API String ID: 3939794635-0
        • Opcode ID: 7ab01de24c88b5fa363f6aae7a3d7aa987943dcd37bca407fc59203c493bb70d
        • Instruction ID: 0183c5c9ed7ce5bb432c24f5bb3a1dd68d5fb1043291eca5a6f32ff08f01672b
        • Opcode Fuzzy Hash: 7ab01de24c88b5fa363f6aae7a3d7aa987943dcd37bca407fc59203c493bb70d
        • Instruction Fuzzy Hash: 5E11B476640B00ABC324DF18CC81BDA77E4BBC9B20F044A1DB5A6973C0CB789884C75A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 0040398A
        • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 004039A0
        • #3092.MFC42(000003F2,?,004032A2,00000001), ref: 004039AD
        • #4123.MFC42(000003F2,?,004032A2,00000001), ref: 004039B4
        • #3092.MFC42(000003F2,?,004032A2,00000001), ref: 004039C8
        • #4123.MFC42(000003F2,?,004032A2,00000001), ref: 004039CF
        • #3092.MFC42(000003F2,00000000,000003F2,?,004032A2,00000001), ref: 004039E1
        • #2642.MFC42(000003F2,00000000,000003F2,?,004032A2,00000001), ref: 004039E8
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3092$#4123MessageSend$#2642
        • String ID:
        • API String ID: 229567068-0
        • Opcode ID: edf92cb9ceebc25127b3337cff1c8a359ac504b1dc8cd9a205ccb139dcb31b72
        • Instruction ID: 79b34d7e3dc7d3995b3af4a357ac584f2c9c4b55ecf779123128f5e6f0ef02d9
        • Opcode Fuzzy Hash: edf92cb9ceebc25127b3337cff1c8a359ac504b1dc8cd9a205ccb139dcb31b72
        • Instruction Fuzzy Hash: DBF0E771B8071266E925267A5D23FAF118DABC0B15F11042E7682AE2C2DDE8AE42425C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$#2379Child
        • String ID:
        • API String ID: 3424149459-0
        • Opcode ID: 840af436893326072ce61341cc861e574f81ef7736d2f28a011efe0a84b71970
        • Instruction ID: fbc0520036c2bcf1026c8875090776a95f58003a93c593743e252b8b9e280369
        • Opcode Fuzzy Hash: 840af436893326072ce61341cc861e574f81ef7736d2f28a011efe0a84b71970
        • Instruction Fuzzy Hash: ADF04976A007059BC620ABB29C88CAB77ADFFCC358314896EF14187741DB38EC018B68
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000005,?,?,?,10007D4F,?), ref: 10009653
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009668
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000006,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099C1
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000004,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099D4
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(0000000A,10006CA5,00000000,?,100084D0,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 100099F7
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@$??2@
        • String ID:
        • API String ID: 432566381-0
        • Opcode ID: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction ID: b8931feace3fce552cd7dc028dd2a20196b90b2ee431afbed85b6d5b4f70debe
        • Opcode Fuzzy Hash: 1a6fbcb780a30932c42795613ee8c24de05f0339e1a2961d8a0948d0c83ee59b
        • Instruction Fuzzy Hash: 89D12934E089C75FFB55CB24C4A032677E1FF063C4F26805ED69987A9AC725ACA5C782
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001610: vsprintf.MSVCR100 ref: 10001646
        • malloc.MSVCR100 ref: 10002350
        • memcpy.MSVCR100 ref: 10002397
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: mallocmemcpyvsprintf
        • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
        • API String ID: 4208594302-868042568
        • Opcode ID: 332f35ef7b2e4139d4ac4e85d945238f14bc3aceeb568cf29ea9b8f31851e764
        • Instruction ID: 2d637e10643cae3ae86f13c8a9a6f4a8ec5bbbe4351a433474e625fb8ee90fc4
        • Opcode Fuzzy Hash: 332f35ef7b2e4139d4ac4e85d945238f14bc3aceeb568cf29ea9b8f31851e764
        • Instruction Fuzzy Hash: C4B1A375A002059BEB08CF68D8806AE7BF5FF84390F1585AEED499B34AD731ED51CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(408982D5,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 100079B6
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,408982D5,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,408982D5,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
        • String ID:
        • API String ID: 753523128-0
        • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
        • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 10003883
        • SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 100038C4
        • WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 10003931
        • GetCurrentThreadId.KERNEL32 ref: 1000395C
        • GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 100039F4
        • SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 10003A22
        • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 10003A39
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
        • String ID:
        • API String ID: 3058130114-0
        • Opcode ID: 386561f154579a46c4047c4727005d010c28f2c953f1c25df01f3792f9f1ed68
        • Instruction ID: c9627e5440d77a1ecd41674840b08fbe8c8887cffa4f546fa8e64da710b09f17
        • Opcode Fuzzy Hash: 386561f154579a46c4047c4727005d010c28f2c953f1c25df01f3792f9f1ed68
        • Instruction Fuzzy Hash: 6D518EB46007029BF762CF64C981B9BB7E8FF05794F118519E996DB289EBB0F940CB41
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsWindowVisible.USER32(?), ref: 0040E1EB
        • #6215.MFC42(00000000), ref: 0040E1FD
        • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040E239
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040E27C
        • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040E2D3
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040E316
        • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040E338
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: InvalidateRect$MessageSend$#6215VisibleWindow
        • String ID:
        • API String ID: 3841919118-0
        • Opcode ID: 4a9925f08118d706f0880069c3081569475e49809b9651a1575b90b7716ac44c
        • Instruction ID: 59f021c7d3af86106f2900abd0c2fe0c614b015f350e2d27743b6e444487772b
        • Opcode Fuzzy Hash: 4a9925f08118d706f0880069c3081569475e49809b9651a1575b90b7716ac44c
        • Instruction Fuzzy Hash: 2541A0713007059BD614EB26C881EEBB3E9FB84B14F004D1EF999972C1DB74F8458B65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFocus.USER32 ref: 0040C4F2
        • #2864.MFC42(00000000), ref: 0040C4F9
          • Part of subcall function 0040C320: #3797.MFC42 ref: 0040C329
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040C34C
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040C361
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C378
          • Part of subcall function 0040C320: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040C38B
          • Part of subcall function 0040C320: #3293.MFC42(00000000,?,00000000), ref: 0040C3B4
          • Part of subcall function 0040C320: PtInRect.USER32(?,?,?), ref: 0040C3D6
          • Part of subcall function 0040C320: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040C3F6
        • #3286.MFC42(00000000,00000000), ref: 0040C52A
        • #3293.MFC42(00000000,?,00000002,00000000,00000000), ref: 0040C56E
        • #540.MFC42(00000000,00000000), ref: 0040C5B6
        • #800.MFC42 ref: 0040C607
        • #2379.MFC42 ref: 0040C60E
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3293$#2379#2864#3286#3797#540#800FocusRect
        • String ID:
        • API String ID: 3548020944-0
        • Opcode ID: bcf695ea92022afa35c10c3b8e07ac7148fbae847c5efa9a707f471edd676c13
        • Instruction ID: 3e7f0d53cfebf455c41612a786f2edeab7f45459e577ebac52da74e31deb55df
        • Opcode Fuzzy Hash: bcf695ea92022afa35c10c3b8e07ac7148fbae847c5efa9a707f471edd676c13
        • Instruction Fuzzy Hash: 9C4183752047419FD724DB25C891BAFB7E9AFC4714F004A2EF865A33C0DB79E805879A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DA7F
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAAF
        • #3293.MFC42(00000000,?,00000000,76933EB0,?,?,?,?,?,?,?,?,0040CC8D,?), ref: 0040DAC7
        • SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040DAE4
        • GetClientRect.USER32(?,?), ref: 0040DAF3
        • SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040DB14
        • SendMessageA.USER32(?,00001014,?,00000000), ref: 0040DB3F
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$Rect$#3092#3293Client
        • String ID:
        • API String ID: 643703033-0
        • Opcode ID: 1fbe456a7ebcc3675d37b8969356843dd930d5e592d616b0a20be238f0d9d2eb
        • Instruction ID: 2aa8f9b520159156308723dea08d56de589cab47cf0e4b53f78a13a3a7b0ea4e
        • Opcode Fuzzy Hash: 1fbe456a7ebcc3675d37b8969356843dd930d5e592d616b0a20be238f0d9d2eb
        • Instruction Fuzzy Hash: E121C1762443046BD324EB65DC85FABB3E8FBC8714F14092EF645D72C0DAB9E8058B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #567.MFC42(?,?,?,?,?,00415E52,000000FF), ref: 00405AD5
        • #540.MFC42(?,?,?,?,?,00415E52,000000FF), ref: 00405AE4
          • Part of subcall function 00407230: #567.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 0040724E
          • Part of subcall function 00407230: #540.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 00407262
          • Part of subcall function 00407230: #540.MFC42(?,00000000,?,00000000,00416013,000000FF,00405AF6,?,?,?,?,?,00415E52,000000FF), ref: 0040726F
          • Part of subcall function 00407D10: #567.MFC42(?,00405B06,?,?,?,?,?,00415E52,000000FF), ref: 00407D13
          • Part of subcall function 00407D10: GetSysColor.USER32 ref: 00407D27
          • Part of subcall function 00407900: #567.MFC42(?,?,00000000,004160A8,000000FF,00405B16,?,?,?,?,?,00415E52,000000FF), ref: 0040791D
          • Part of subcall function 00407900: #540.MFC42(?,?,00000000,004160A8,000000FF,00405B16,?,?,?,?,?,00415E52,000000FF), ref: 00407933
        • LoadBitmapA.USER32(00000000,00007FE2), ref: 00405B46
        • #858.MFC42(?,?,?,?,?,?,00415E52,000000FF), ref: 00405B56
        • GetSystemMetrics.USER32(00000015), ref: 00405B6F
        • GetSysColor.USER32 ref: 00405B98
        • #800.MFC42 ref: 00405BAC
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#567$Color$#800#858BitmapLoadMetricsSystem
        • String ID:
        • API String ID: 2827053716-0
        • Opcode ID: e632873103d7db792261b9a2dea7c4cbc1ff96e7dd7f587d25d1498ff64e1a6a
        • Instruction ID: b7467bd19d3816234bd1e1c5c60bc03514cd7712f8bdf4ada88f9bfce40f89ce
        • Opcode Fuzzy Hash: e632873103d7db792261b9a2dea7c4cbc1ff96e7dd7f587d25d1498ff64e1a6a
        • Instruction Fuzzy Hash: 03312A70508B818FD321DF29C48179AFFE4BB99714F104A1EE4DA43792C779A548CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CED086A), ref: 1000DC8B
        • _beginthreadex.MSVCR100 ref: 1000DCAB
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • CloseHandle.KERNEL32(?), ref: 1000DCD4
        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseHandleObjectSingleWait$??2@CreateEvent_beginthreadex
        • String ID:
        • API String ID: 2512375702-0
        • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
        • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004024B0: #3092.MFC42(00000000), ref: 004024BD
          • Part of subcall function 00403A70: #324.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403A97
          • Part of subcall function 00403A70: #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AA9
          • Part of subcall function 00403A70: #567.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AC1
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AD9
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AEB
          • Part of subcall function 00403A70: #540.MFC42(00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403AFD
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B14
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B20
          • Part of subcall function 00403A70: #860.MFC42(0041E8F0,0041E8F0,0041E8F0,00000067,?,?,?,?,?,?,?,00415BEB,000000FF), ref: 00403B34
        • #2514.MFC42 ref: 0040F306
        • #800.MFC42 ref: 0040F32F
        • #800.MFC42 ref: 0040F343
        • #800.MFC42 ref: 0040F357
        • #692.MFC42 ref: 0040F36B
        • #616.MFC42 ref: 0040F37C
        • #641.MFC42 ref: 0040F390
          • Part of subcall function 00402290: #3092.MFC42(00000000), ref: 004022A1
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #540#800#860$#3092#567$#2514#324#616#641#692
        • String ID:
        • API String ID: 3582498933-0
        • Opcode ID: de82be39a199a0aac29a14bf7d234da08a210163ba988213936280aadc2773c3
        • Instruction ID: 75a4c19113608dc3b7b285c698f0c983c3d5b2b6a1e54bb991d96a8fd916cef7
        • Opcode Fuzzy Hash: de82be39a199a0aac29a14bf7d234da08a210163ba988213936280aadc2773c3
        • Instruction Fuzzy Hash: 01219D700097929BD335EF20C591BEEB7D4AFA1314F00892EA4EA036C1DBB81588CB5B
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2302.MFC42(?,000003F7,?), ref: 00403C23
        • #2302.MFC42(?,000003F1,?,?,000003F7,?), ref: 00403C35
        • #2370.MFC42(?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C47
        • #2370.MFC42(?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C59
        • #2362.MFC42(?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403C6B
        • #2294.MFC42(?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?), ref: 00403C7B
        • #2370.MFC42(?,000003FE,?,?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?), ref: 00403C8D
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2370$#2302$#2294#2362
        • String ID:
        • API String ID: 465330616-0
        • Opcode ID: f0f1eb00be033539a84b7b6151b586a76a4e3081721901760a4b2bb012b7f7f4
        • Instruction ID: fab9ee1e95a202c8ef61fbbde5b5653753e137523daa6cf07c826fbf21b3596d
        • Opcode Fuzzy Hash: f0f1eb00be033539a84b7b6151b586a76a4e3081721901760a4b2bb012b7f7f4
        • Instruction Fuzzy Hash: 14F031729C0A06BBE123A6518CC2FFB626CDBC2B44F00442EF6456A081DFD829465275
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2B8
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2C5
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2D2
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2DF
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2EC
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C2F9
        • #800.MFC42(?,?,?,004166CF,000000FF), ref: 0040C308
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800
        • String ID:
        • API String ID: 1076129211-0
        • Opcode ID: af08d69fcb9a359c7a7fac98b9dbbdfd106971a924e463a06e5083e51e71604d
        • Instruction ID: a26d71f746f00970137e1268430cbe23096584c85850ad5bb5b7a5ed76c79e18
        • Opcode Fuzzy Hash: af08d69fcb9a359c7a7fac98b9dbbdfd106971a924e463a06e5083e51e71604d
        • Instruction Fuzzy Hash: EC0140300087918BD314EF15C41179ABBD4BB98724F404E4EB4BA06781CBB9A149CB9A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3092.MFC42(00000000), ref: 004022A1
        • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 004022E9
        • #3996.MFC42(00000000,00000000,?,?,?,?,?,00000000), ref: 0040233B
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3092#3996MessageSend
        • String ID:
        • API String ID: 3103698401-0
        • Opcode ID: d4c87fd744f25903f85ed97e2a8a09772249997d086082e4787d407069889f00
        • Instruction ID: 54880b89b3761a31cd98830d76d5d8286962cc73aa68340628581de2a3ddb9c2
        • Opcode Fuzzy Hash: d4c87fd744f25903f85ed97e2a8a09772249997d086082e4787d407069889f00
        • Instruction Fuzzy Hash: DA61D6312006405BD718CF19C954FABBBE6BFC4348F28852ED95A8B3D1C7B5E946CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(000002FF), ref: 10004ECA
        • WSASetLastError.WS2_32(0000139F), ref: 10004EE2
        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,000000FF), ref: 10004EEC
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: 20ed7e8d01a7150e049267dcce91a4d68a58944dc7e9a18b6590eadd9273adc7
        • Instruction ID: 5d7e202c9453111bf760a64193654abb888b24a6dd7784caadbc8dba9623b2f2
        • Opcode Fuzzy Hash: 20ed7e8d01a7150e049267dcce91a4d68a58944dc7e9a18b6590eadd9273adc7
        • Instruction Fuzzy Hash: 0D318EB6A04744ABE710CF94DC86B6AB3E8FB48750F01852AFD16C3784DB36E810CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 0069506E
        • WSASetLastError.WS2_32(0000139F), ref: 00695086
        • RtlLeaveCriticalSection.NTDLL(?), ref: 00695090
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: 04e2ff4b7ecd456b9c78cffbac91a2c270c552a68ca90944bf69f9b07b301b9f
        • Instruction ID: 968ebeef00f122202c764e847bca085d580d24e0d7badc4411732720e4314688
        • Opcode Fuzzy Hash: 04e2ff4b7ecd456b9c78cffbac91a2c270c552a68ca90944bf69f9b07b301b9f
        • Instruction Fuzzy Hash: F3316C72604744ABDB21DF94DC85FAAB3ADFB59710F10861EF916C6B80E736E810CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
        • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
        • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
        • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
        • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
        • String ID:
        • API String ID: 672040072-0
        • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
        • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 0040761F
        • #3874.MFC42(?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 00407633
        • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 0040764F
        • #6199.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 004076A8
        • #6134.MFC42(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?,00416068), ref: 004076B6
        • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00416068,000000FF), ref: 004076C7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3874#535#540#6134#6199#800
        • String ID:
        • API String ID: 3385152813-0
        • Opcode ID: 5b185957f076a5cb9785e72322fce5d562f8547c8bf5cf6af3e010beae4ac0e7
        • Instruction ID: 6b27b86aa903934d35878d21e2f0a4164fbb5fec8e7951dfae5151c85ed15080
        • Opcode Fuzzy Hash: 5b185957f076a5cb9785e72322fce5d562f8547c8bf5cf6af3e010beae4ac0e7
        • Instruction Fuzzy Hash: 03310575508B419BC310DF28C850AA7BBE5BFC9328F144A5DF4A6473C1D73AA409C795
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: _errno$recvselect
        • String ID:
        • API String ID: 4102763267-0
        • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
        • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040908C
        • #3286.MFC42(00000000,?,?,?,?,00409058), ref: 004090AC
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 004090C7
        • #3286.MFC42(00000000,?,?,?,?,00409058), ref: 004090EC
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 00409107
        • #825.MFC42(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00409058), ref: 0040910D
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3286#6007$#825MessageSend
        • String ID:
        • API String ID: 1838521641-0
        • Opcode ID: 5c3bf531b28dd81e5fff6980d2e46db2b9ddd79369961602f07e0167654c23c1
        • Instruction ID: 990d4de09ee1ee4a537b88ba230a1faeb44605fe654553a657c0c1927e067bf6
        • Opcode Fuzzy Hash: 5c3bf531b28dd81e5fff6980d2e46db2b9ddd79369961602f07e0167654c23c1
        • Instruction Fuzzy Hash: F121B7753403056BE2209A95DC92FA773989BC5714F24406EF755AF3C2CAB5BC41871C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401B8D
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401B9C
        • #3286.MFC42(?), ref: 00401BAA
        • SendMessageA.USER32(?,00001008,?,00000000), ref: 00401BE1
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401BF2
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401C0C
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3286
        • String ID:
        • API String ID: 323715935-0
        • Opcode ID: dd8e8be51a73c453e9cf0640267e416c2e1f19cc8614d93a474b9d234b31dae0
        • Instruction ID: 839f355133ad398dd5420a1e0ed4d3479fb317a0a9a729d10a6bd7873ce536a9
        • Opcode Fuzzy Hash: dd8e8be51a73c453e9cf0640267e416c2e1f19cc8614d93a474b9d234b31dae0
        • Instruction Fuzzy Hash: D8111F323853046BE624CA55DCC1F5BB3A5FB88711F24861EF3455B2C1DAB5F8418768
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3286.MFC42(?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FEF7
        • GetParent.USER32(?), ref: 0040FF0C
        • #2864.MFC42(00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF13
        • #3301.MFC42(?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF51
        • #858.MFC42(00000000,?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF63
        • #800.MFC42(00000000,?,?,?,00000000,?,00000001,?,00416A28,000000FF,0040A6A6,?,00000001,?,?), ref: 0040FF74
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864#3286#3301#800#858Parent
        • String ID:
        • API String ID: 3939703191-0
        • Opcode ID: 4e1f7311891b159ed5df895258011eff8a905c171c8d1df8999c029e4fb9c491
        • Instruction ID: 50fb0357b733e35dfa3a1de6762c1db008e89cac4621cd0756db6465bb5cffcc
        • Opcode Fuzzy Hash: 4e1f7311891b159ed5df895258011eff8a905c171c8d1df8999c029e4fb9c491
        • Instruction Fuzzy Hash: 33214C722046409BC310DB55C880FABB3E8FBC8B24F044A2EF49993780DB38E905CB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Menu$Item$#2546#2863#291Count
        • String ID:
        • API String ID: 667342809-0
        • Opcode ID: 0bff663d3fbe3c8294a197b1b445eb3b55eb6cb83e07f262a4668d9497f7d0da
        • Instruction ID: 6016297503df46aff9d2fa9a9091cfb1e1031c7c64886bb6c59623230f0bd193
        • Opcode Fuzzy Hash: 0bff663d3fbe3c8294a197b1b445eb3b55eb6cb83e07f262a4668d9497f7d0da
        • Instruction Fuzzy Hash: FB119D71508301ABC700DF65DE8499BFBF9EF88310F108A1EF954C3284DAB4E845CBA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000913B
        • _CxxThrowException.MSVCR100 ref: 10009153
        Strings
        • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 10008E11, 10008E38
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??0exception@std@@ExceptionThrow
        • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
        • API String ID: 2684170311-3812731148
        • Opcode ID: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
        • Instruction ID: 4ff9fd43ccc38cada941469353b65ddf61956220ecca57f71b677a99dd077398
        • Opcode Fuzzy Hash: c661867a6ceed8abe94a76ae189d2d9564f023c4e947d8c29fada65b384d915e
        • Instruction Fuzzy Hash: 39C19C712082519FEB04CF18C4C4B9A7BE5EF85390F5485A9EC898F24EC775E985CBA2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #2379.MFC42 ref: 00407336
        • GetCursorPos.USER32(?), ref: 00407356
        • ScreenToClient.USER32(?,?), ref: 00407365
        • PostMessageA.USER32(?,00000201,00000000,?), ref: 00407395
        • PostMessageA.USER32(?,00000202,00000000,?), ref: 004073BB
        • SendMessageA.USER32(?,00000445,00000000,00010001), ref: 004073CE
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Message$Post$#2379ClientCursorScreenSend
        • String ID:
        • API String ID: 3824870609-0
        • Opcode ID: 43759374c0e84a8bdead1b8506eab26180574a855a61b34d426c109cb99b8361
        • Instruction ID: 4022b57308e10e17be6ba181eff9c032287b418cfaf535c37964a3ccde5d7d1e
        • Opcode Fuzzy Hash: 43759374c0e84a8bdead1b8506eab26180574a855a61b34d426c109cb99b8361
        • Instruction Fuzzy Hash: 4B11A0766103016FE620DB24DC46FB7B7A4EF85710F208A3EFAA5D72C0D5B4E804D669
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeLibrary.KERNEL32(?,?,00000000,1000612A), ref: 1000629F
        • GetProcessHeap.KERNEL32(00000000,?,00000000,1000612A), ref: 100062AE
        • HeapFree.KERNEL32(00000000), ref: 100062B5
        • VirtualFree.KERNEL32(?,00000000,00008000,1000612A), ref: 100062CB
        • GetProcessHeap.KERNEL32(00000000,00000000,1000612A), ref: 100062D4
        • HeapFree.KERNEL32(00000000), ref: 100062DB
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: FreeHeap$Process$LibraryVirtual
        • String ID:
        • API String ID: 3521805120-0
        • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction ID: 4e8ae9d798ed328c3ac5cf3a0713134e707d5c220115033f18ab452dde1a0258
        • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction Fuzzy Hash: E5113070600B11EFE660CFA5CC88F1673EAEB89791F20CA18E15697594C774F851CB20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004761
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000476C
        • Sleep.KERNEL32(00000258), ref: 10004779
        • CloseHandle.KERNEL32(?), ref: 10004794
        • CloseHandle.KERNEL32(?), ref: 1000479D
        • Sleep.KERNEL32(0000012C), ref: 100047AE
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
        • String ID:
        • API String ID: 1019945655-0
        • Opcode ID: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
        • Instruction ID: ab300de59104cfa3b6c6a7cb3b929f183dbe93be0b3bbffdefcd2026bf0c7e40
        • Opcode Fuzzy Hash: cf6e498c7dc15b4c562a3fa6ac62875e96bfc131539f4db7987b5ee8364741f9
        • Instruction Fuzzy Hash: FDF030762046146BD610EBA9CC84D4BF3E9EFD9730B218709F26583294CA70FC018BA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BAB
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BBB
        • #800.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BCB
        • #692.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BDB
        • #616.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BE8
        • #641.MFC42(?,?,?,00415C3D,000000FF,00403B68), ref: 00403BF7
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #800$#616#641#692
        • String ID:
        • API String ID: 3167959800-0
        • Opcode ID: a6a548ac666af558a601114be7d606751ee3bc1ce620431d6197f26bbd5e5029
        • Instruction ID: 9356fe4d30173449151c9111659360878b37bf100094ee5e277595a9f08a0152
        • Opcode Fuzzy Hash: a6a548ac666af558a601114be7d606751ee3bc1ce620431d6197f26bbd5e5029
        • Instruction Fuzzy Hash: D9014B70008BD2DFD319EF28C4017DABBD4AB95724F444E4EA4BA423C1DBB85249C7A6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003341
        • Sleep.KERNEL32(00000258), ref: 1000334E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10003356
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003362
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000336A
        • Sleep.KERNEL32(0000012C), ref: 1000337B
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
        • String ID:
        • API String ID: 3137405945-0
        • Opcode ID: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction ID: 009e06f348ae16128d23bb0ec9214422679a084963a6134c51d0f5301ed01227
        • Opcode Fuzzy Hash: 375dffd05537e075e7d33cd597dde6190fae6e300f2d92ab281a43630f89ade2
        • Instruction Fuzzy Hash: FDF01272204714ABD610DBA9CCC4D56F3A8AF99734F218709F365932E0CAB4E805CB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864#4694#5981#6215FocusVisibleWindow
        • String ID:
        • API String ID: 3178167619-0
        • Opcode ID: 1a6d733d580420b8a493887451b54a175d233f36bab4e684bda8ea655461db2c
        • Instruction ID: a165d9457935810366ad9cd4294938b376cde8f67e12bb8decddcdf3cf695dd6
        • Opcode Fuzzy Hash: 1a6d733d580420b8a493887451b54a175d233f36bab4e684bda8ea655461db2c
        • Instruction Fuzzy Hash: DAF012717046119BC624EB64C855FEF73A89FC4704F04891EB499D7294CEB8DC81C799
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864#4694#5981#6215FocusVisibleWindow
        • String ID:
        • API String ID: 3178167619-0
        • Opcode ID: 92b48fefc58e9c40364ca485f9614c86d8d99a2b07c795cb04c5e147ad0dbb44
        • Instruction ID: 476fabeabf8f2b54f81c640421d316b047c8eab4f50d63546c2fdb15e6869d7a
        • Opcode Fuzzy Hash: 92b48fefc58e9c40364ca485f9614c86d8d99a2b07c795cb04c5e147ad0dbb44
        • Instruction Fuzzy Hash: EAF082317446009BC624EB64D854FEFB3A89BC4700F00881EB455D3284CE78DD818BA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 00695CC6
        • RegSetValueExA.ADVAPI32(?,10012554,00000000,00000001), ref: 00695CEE
        • RegCloseKey.ADVAPI32(?), ref: 00695CF8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1818849710-2058306683
        • Opcode ID: b15f36b06cf252665414ba7193a4e9c211dfddb7d97f155871b61ca86fdeac6f
        • Instruction ID: 3422cde76c24297d4a1cddd1973491fc90809b51a9eba3b6d1df6ce677b28ddc
        • Opcode Fuzzy Hash: b15f36b06cf252665414ba7193a4e9c211dfddb7d97f155871b61ca86fdeac6f
        • Instruction Fuzzy Hash: 6131D26794E2805FE34387285CD55D93F546A2F230F9F01EAD2C25B493E194E64B8331
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: free
        • String ID:
        • API String ID: 1294909896-0
        • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
        • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,408982D5,?,00000000,?,10008EF2), ref: 1000C89C
        • memmove.MSVCR100 ref: 1000C8F5
        • memmove.MSVCR100 ref: 1000C91C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
        • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 0069535A
        • RegCloseKey.ADVAPI32(?), ref: 0069542F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2932200918-2174744495
        • Opcode ID: 73c721a499a5fe2d10a3c1e7f38b20dad448caaf347183109bef55fe409992c5
        • Instruction ID: 1c0d074b88e017c19b6950f9192f4ac8eb98635f8b1d20ba2f32645fc3973bb5
        • Opcode Fuzzy Hash: 73c721a499a5fe2d10a3c1e7f38b20dad448caaf347183109bef55fe409992c5
        • Instruction Fuzzy Hash: 43315471500619ABEF25DB64CC98FEAB7B9EB48704F004199F609A7150EB71EE85CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00413BB3
        • #2818.MFC42(?,%d - %d,00000000,00000014), ref: 00413BE6
          • Part of subcall function 00401600: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401625
          • Part of subcall function 00401600: GlobalAlloc.KERNEL32(00000000,?), ref: 00401688
        • #800.MFC42 ref: 00413C0A
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AllocGlobal$#2818#540#800
        • String ID: %d - %d$gfff
        • API String ID: 482294231-2577607064
        • Opcode ID: 20ea6ac1d60ef7a66e114571f87e51866ee7331161c6a18d9328350813a4a48b
        • Instruction ID: 5226f1e5e8bee4439d80068d591ea63fd061d9bad1b2a21548c4d949dd13a3c0
        • Opcode Fuzzy Hash: 20ea6ac1d60ef7a66e114571f87e51866ee7331161c6a18d9328350813a4a48b
        • Instruction Fuzzy Hash: 0C21D4726047159BC214EF1AC941B9BB7E9EBC5B54F004A2EF455AB3C1C738AD08CBE5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #540.MFC42 ref: 00414B63
        • #2818.MFC42(?,%d - %d,00000000,00000014), ref: 00414B96
          • Part of subcall function 00401600: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401625
          • Part of subcall function 00401600: GlobalAlloc.KERNEL32(00000000,?), ref: 00401688
        • #800.MFC42 ref: 00414BBA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AllocGlobal$#2818#540#800
        • String ID: %d - %d$gfff
        • API String ID: 482294231-2577607064
        • Opcode ID: 0bfc905499401adc89ae3956bdaaf5c2165c80bbec4f7dee4c941c1dad39cd3d
        • Instruction ID: 1e69ee15709ad73da1000297df25589689e4e38413c96dd625521d7fb5ec6a7d
        • Opcode Fuzzy Hash: 0bfc905499401adc89ae3956bdaaf5c2165c80bbec4f7dee4c941c1dad39cd3d
        • Instruction Fuzzy Hash: C22107316043119BC210EF1AC841F9BB7E9EBC5B54F004A2EF4559B3C1C738AD05CBA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
        • memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position$string too long
        • API String ID: 4248180022-4289949731
        • Opcode ID: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction ID: 02f1bde33a7f6a4f0b7ca151306c8b86bee2ec7feaee009fa3221f14d761e210
        • Opcode Fuzzy Hash: 8c48fefaad0ea7ddd0a49d9c0e258943e13e554032d9f726ac0611864bab7666
        • Instruction Fuzzy Hash: 1A114C75300A059FEB08EF68EC84A6D77A5FB4429AB11052AFA06CB245D771E990CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 10005B22
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,?,?,?,?,100059D0), ref: 10005B4A
        • RegCloseKey.ADVAPI32(?,?,?,100059D0), ref: 10005B54
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1818849710-2058306683
        • Opcode ID: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction ID: 819d5d2a1fc0f4c9f6ac7309a00d8e73f8ded73d4f4bedadf493881c65ba228f
        • Opcode Fuzzy Hash: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction Fuzzy Hash: ECF0A0B0200218BBF315CB648C99FAB7B6EDB45341F108284FD0597201DA31DA24D7A0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 10005B72
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?,100059E0), ref: 10005B9A
        • RegCloseKey.ADVAPI32(?,?,?,100059E0), ref: 10005BA4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 1818849710-3074452007
        • Opcode ID: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction ID: 89947794390079d247ebce0872158cea3cc74de629c3886990100dc96c3bb93a
        • Opcode Fuzzy Hash: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction Fuzzy Hash: 29F0A0B0600218BBE311DB648C99FBB7BAEDB45342F108284FD0596202DA31DA24DBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 00695CC6
        • RegSetValueExA.ADVAPI32(?,10012554,00000000,00000001), ref: 00695CEE
        • RegCloseKey.ADVAPI32(?), ref: 00695CF8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1818849710-2058306683
        • Opcode ID: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction ID: 3a365cf0ed6ff238c811bc1e4ee3ed94f2115520d5f437da2ff53787f574fa7b
        • Opcode Fuzzy Hash: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction Fuzzy Hash: 22F030B5600258FBEB16CB658C99FBA7B6EDB45701F108289FD069A201DA31DA24D7A0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 00695D16
        • RegSetValueExA.ADVAPI32(?,1001254C,00000000,00000001), ref: 00695D3E
        • RegCloseKey.ADVAPI32(?), ref: 00695D48
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 1818849710-3074452007
        • Opcode ID: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction ID: a6661f3ff35d4a1b672100391fe3d474b7a38ce6f067a1f7e4b38923c64d3807
        • Opcode Fuzzy Hash: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction Fuzzy Hash: C9F0A7B0100218BBE711DB508C9CFB67B6EDB45301F104244FD059B201DA31DA14D750
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
        • String ID:
        • API String ID: 2760534091-0
        • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
        • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,10008EF2,408982D5,?,408982D5,10008EF2), ref: 1000A71D
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,10008EF2,408982D5,?,408982D5,10008EF2), ref: 1000A740
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,10010EA9,000000FF,?,10009321,?,?,00000000,408982D5), ref: 1000A76E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7B3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A7C0
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction ID: 0fa7d05f19d1acb58b9383a605f7864dac9a50907dca70db0252d2cb3e85a45c
        • Opcode Fuzzy Hash: 9c19b6d800b60e648447e9519f3fd59b00ebafd8c92a5a503de52f4a5663852e
        • Instruction Fuzzy Hash: 61514FB5A01259AFEB00DFA8C984B9EBBF5FF49750F108119E805E7345DB70AE41CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,408982D5,?,408982D5,?), ref: 1000CC39
        • ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z.MSVCP100(?,?,?,408982D5,?,408982D5,?), ref: 1000CC5C
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,10010E09,000000FF,?,1000CA00,?,?,408982D5), ref: 1000CC8A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCCF
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000CCDC
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@D@std@@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_?tolower@?$ctype@Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 551958918-0
        • Opcode ID: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction ID: c131282bc4579c986c972f2adb03389835f40558fee83756ef3b82deba687527
        • Opcode Fuzzy Hash: dc0cab21907a7a40ae2be1d135d621615d2b1d9cf0a5392402ae14fc61c8e9e2
        • Instruction Fuzzy Hash: 88512CB5A01259EFEB04DFA8C994B9EBBF5FF48740F108169E805E7345DB70AA01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000D6C8
        • ??0exception@std@@QAE@ABQBD@Z.MSVCR100(80000000,408982D5,00000000,?,00000000,00000000), ref: 1000D6E8
        • _CxxThrowException.MSVCR100 ref: 1000D6FE
          • Part of subcall function 1000D600: ??2@YAPAXI@Z.MSVCR100 ref: 1000D612
          • Part of subcall function 1000D600: ??0exception@std@@QAE@ABQBD@Z.MSVCR100(?), ref: 1000D62D
          • Part of subcall function 1000D600: _CxxThrowException.MSVCR100(?,10013704), ref: 1000D643
        • memcpy.MSVCR100 ref: 1000D740
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000D751
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??0exception@std@@??2@ExceptionThrow$??3@memcpy
        • String ID:
        • API String ID: 1366379292-0
        • Opcode ID: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction ID: 6dedfff981291254d8f0f0f89a0f1b07b51f4c0be1b682e6e92bcdd5696b02d0
        • Opcode Fuzzy Hash: e707ed9dab199fc46342664c79a46afaba9b0813c7549b8030ed37f395194ef3
        • Instruction Fuzzy Hash: AB41BA75D04605AFDB04EF68C98069DB7F4FB042A0F50422AF91A97784E731E950CBB1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • recv.WS2_32(?,?,00000598,00000000), ref: 10003CBF
        • SetLastError.KERNEL32(00000000,?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003CFA
        • GetLastError.KERNEL32(00000000), ref: 10003D45
        • WSAGetLastError.WS2_32(?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003D7B
        • WSASetLastError.WS2_32(0000000D,?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003DA2
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ErrorLast$recv
        • String ID:
        • API String ID: 316788870-0
        • Opcode ID: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction ID: 1e9f8830d608a5492e91579f2a071d5048403b8d015cb3fd95501c97ae0d1e16
        • Opcode Fuzzy Hash: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction Fuzzy Hash: 7631ADB26042508FFB51DF68E8C4B5B77ADFB843A0F118166ED05DB29AD771E8808B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • recv.WS2_32(?,?,00000598,00000000), ref: 00693E63
        • SetLastError.KERNEL32(00000000,?,00000001,?,00693C7B), ref: 00693E9E
        • GetLastError.KERNEL32 ref: 00693EE9
        • WSAGetLastError.WS2_32(?,00000001,?,00693C7B), ref: 00693F1F
        • WSASetLastError.WS2_32(0000000D,?,00000001,?,00693C7B), ref: 00693F46
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: ErrorLast$recv
        • String ID:
        • API String ID: 316788870-0
        • Opcode ID: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction ID: 9ba729468bf91f644690d397fb4ea88fd7cbacfe994b7f96327a4cea4ba28c3b
        • Opcode Fuzzy Hash: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction Fuzzy Hash: 1131B1B26042209FEF64DF68D8C8BAA77AEEB94320F10416BED15CB785D731DD818B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #5290.MFC42(?,?,?,?,?,?,00416148,000000FF), ref: 00407F11
        • #6199.MFC42(?,?,00000028,?,?,?,?,?,00416148,000000FF), ref: 00407FAD
        • #800.MFC42(?,00000028,?,?,?,?,?,00416148,000000FF), ref: 00407FBE
        • TranslateMessage.USER32(?), ref: 00407FC4
        • DispatchMessageA.USER32(?), ref: 00407FCB
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Message$#5290#6199#800DispatchTranslate
        • String ID:
        • API String ID: 1943485823-0
        • Opcode ID: 05e0815e02c6fa808f3a4c7dbf3ddfa7a026ce2e74280052185fdb4f6346410f
        • Instruction ID: 6a571f489149fda51eea508508925741afe715624570bcc1b6af6054ddd1943a
        • Opcode Fuzzy Hash: 05e0815e02c6fa808f3a4c7dbf3ddfa7a026ce2e74280052185fdb4f6346410f
        • Instruction Fuzzy Hash: 5F312871A0C2469BC7109F29C880BA7B796EB95314F14493FF895973C2C73DF886C66A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(?,408982D5,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?,?,10006CA5), ref: 1000C420
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(408982D5,0000002D,?,?,00000000,10010928,000000FF,?,1000B3E8,?,00000000,?,?), ref: 1000C403
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000C435
        • realloc.MSVCR100 ref: 1000C463
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(?,?,10006CA5,00000000,00000000,?,?,10007D4F,?), ref: 1000C472
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: D@std@@Incref@facet@locale@std@@Lockit@std@@$??0_??0bad_cast@std@@??1_??2@?tolower@?$ctype@Bid@locale@std@@Decref@facet@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV123@V42@@Vfacet@locale@2@Xmem@tr1@std@@reallocstd::locale::facet::_
        • String ID:
        • API String ID: 1657136341-0
        • Opcode ID: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction ID: 4099fa0d0876d1a195df608e329946193385f4c805ecebf18ba5ac7bf75522a8
        • Opcode Fuzzy Hash: 08b8afa31738f43928087c3fce2b1f8f638a4ea88f03ce3373b9c851740c2311
        • Instruction Fuzzy Hash: F8315975600705EFE710CF59C890A6ABBF5FF88390F15856DE89A8B751D730E940CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 00694218
          • Part of subcall function 00691634: HeapFree.KERNEL32(?,00000000,?,?,?,00694255,?,00000000,006941DD,?,100120A0,0069382C), ref: 00691651
        • HeapDestroy.KERNEL32(?,?,00000000,006941DD,?,100120A0,0069382C), ref: 0069425D
        • HeapCreate.KERNEL32(?,?,?,?,00000000,006941DD,?,100120A0,0069382C), ref: 00694278
        • SetEvent.KERNEL32(?,?,00000000,006941DD,?,100120A0,0069382C), ref: 006942F4
        • RtlLeaveCriticalSection.NTDLL(?), ref: 006942FB
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
        • String ID:
        • API String ID: 563679510-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: 61527c7b4a2fb507c087d69d35874309b074f954aab99682d4f0e31fbf1558da
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: 71314BB1200A12EFDB49DB74C888B95F7A9FF49310F108259E5298B660DB35F926CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401879
        • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401888
        • #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018A2
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004018BD
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401904
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007
        • String ID:
        • API String ID: 1326147382-0
        • Opcode ID: dc95b10d1ac03377133bc2ce0e0892bfd5b6912d6855aaca4ddd31314cbc86ce
        • Instruction ID: 7ae6f541f274ed11fbd8ec8d923d13e680e71004543c061673d8933437f44df9
        • Opcode Fuzzy Hash: dc95b10d1ac03377133bc2ce0e0892bfd5b6912d6855aaca4ddd31314cbc86ce
        • Instruction Fuzzy Hash: 8B2151727803117BE7349B59CC82F56B3A5AB48B10F25822ABB15BF3D1C6B4FC418798
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 1000F4D8
        • GetThreadDesktop.USER32(00000000), ref: 1000F4DF
        • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 1000F50C
        • SetThreadDesktop.USER32(00000000), ref: 1000F51F
        • CloseDesktop.USER32(00000000), ref: 1000F52A
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: DesktopThread$CloseCurrentInformationObjectUser
        • String ID:
        • API String ID: 2068333509-0
        • Opcode ID: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction ID: e3654efe5a9c41a35c8fe53e000b4725a99ad254c1d46276c4c7e896ea0ff50d
        • Opcode Fuzzy Hash: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction Fuzzy Hash: 2D1186B1900619AFE725CFA4CC85BEEBBB8FB08751F00426DE605D3280DB74AA51DB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 0069F67C
        • GetThreadDesktop.USER32(00000000), ref: 0069F683
        • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 0069F6B0
        • SetThreadDesktop.USER32(00000000), ref: 0069F6C3
        • CloseDesktop.USER32(00000000), ref: 0069F6CE
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: DesktopThread$CloseCurrentInformationObjectUser
        • String ID:
        • API String ID: 2068333509-0
        • Opcode ID: b8ea157c4fc550160d34ef1a493cf333ab379efc9c544d18612d2f6c54bf6db2
        • Instruction ID: fa2ef8e21abd58f44586c59489205e6dc516ae91dfb39cc416ae98b3a32d03bf
        • Opcode Fuzzy Hash: b8ea157c4fc550160d34ef1a493cf333ab379efc9c544d18612d2f6c54bf6db2
        • Instruction Fuzzy Hash: 801186B1A00218AFDB15DFA4CC85BEEB7BCFB08711F01826AE905D7690DB749950CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??2@lstrlenmemset
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 3680187532-3074452007
        • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
        • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 10002C1F
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10002C35
        • TranslateMessage.USER32(?), ref: 10002C44
        • DispatchMessageA.USER32(?), ref: 10002C4A
        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002C58
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
        • String ID:
        • API String ID: 2015114452-0
        • Opcode ID: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction ID: b75dc0117a11b7c765e1435c40dcdf28a4bdf489932a1a838a762226f6e0879c
        • Opcode Fuzzy Hash: 81654ee78addd8d1d55e0df90188b35760f689bbb8a44e920533fd059f18b8b3
        • Instruction Fuzzy Hash: 4901A971A40319B6F614D7948C82FAF736CEB05B90F104511FF00EB0D5D6B4E95187B4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
        • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #535.MFC42(00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406C8A
        • #6199.MFC42(?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18), ref: 00406CA6
        • #6199.MFC42(?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18), ref: 00406CB8
        • InvalidateRect.USER32(?,00000000,00000001,?,00000028,?,00000084,00415FA8,000000FF,0040667F,?,00000000), ref: 00406CC8
        • #800.MFC42(?,00000084,00415FA8,000000FF,0040667F,?,00000000,?,?,?,?,?,?,00415F18,000000FF), ref: 00406CDA
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6199$#535#800InvalidateRect
        • String ID:
        • API String ID: 2250096790-0
        • Opcode ID: 994dc0d4cc4bd0b19c3c6b4cbe4779dd6afa050d2a97fbe218f1acda589aae25
        • Instruction ID: 634250f3fa831751ff8778ded4b0b42ae85be5000a0f035ce208fae3f5b733f6
        • Opcode Fuzzy Hash: 994dc0d4cc4bd0b19c3c6b4cbe4779dd6afa050d2a97fbe218f1acda589aae25
        • Instruction Fuzzy Hash: DF114F71208B42DFD724DF25D990F96B3A4EF94714F108A1EB4AB576D0D738A805CB16
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2379#3803#5981MessageSendWindow
        • String ID:
        • API String ID: 41091615-0
        • Opcode ID: 938f2d6d2c0716070b5f71880c4c4e4aeec20a5d7170676f6fe514862b934ac9
        • Instruction ID: a6108a55450b9066e21ea29c1c483718d018f334913f6b668857db5c292835b3
        • Opcode Fuzzy Hash: 938f2d6d2c0716070b5f71880c4c4e4aeec20a5d7170676f6fe514862b934ac9
        • Instruction Fuzzy Hash: 3AF08C70700A119BD324AB25DC55BAB73A4AB98700B04482EF242D76C0DA39F9018BA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetParent.USER32(?), ref: 0040BEF8
        • #2864.MFC42(00000000,?,0040AAEE,00419F3C), ref: 0040BEFB
        • GetParent.USER32(?), ref: 0040BF0E
        • #2864.MFC42(00000000,?,0040AAEE,00419F3C), ref: 0040BF11
        • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040BF38
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2864Parent$MessageSend
        • String ID:
        • API String ID: 3017527651-0
        • Opcode ID: 0fdc16f344fadf310b5b6b687a2be164fb696145ef7ab9344efbd5f7234ca403
        • Instruction ID: 3d3369169c08cd497077d90b78f729ea48d5ca8660a689fd42c6875071eb4ba2
        • Opcode Fuzzy Hash: 0fdc16f344fadf310b5b6b687a2be164fb696145ef7ab9344efbd5f7234ca403
        • Instruction Fuzzy Hash: 74F062763006009BD6249775DC54EEBB3A9EFC8311B05892EF55597280CA74E8018B68
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10002E1C
        • CancelIo.KERNEL32(?), ref: 10002E26
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 10002E2F
        • closesocket.WS2_32(?), ref: 10002E39
        • SetEvent.KERNEL32(00000001), ref: 10002E43
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: 709f11b2dc8ccf699aafbe62f7b0534b760bdc3690ddac9162a5b626801ec8b5
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: CBF03CB5100710ABE220DB94CD89B56B7F8FB48B11F108A59FA9697690C6B4F914CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 00692FC0
        • CancelIo.KERNEL32(?), ref: 00692FCA
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 00692FD3
        • closesocket.WS2_32(?), ref: 00692FDD
        • SetEvent.KERNEL32(00000001), ref: 00692FE7
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: 7e18f5c1d1a1d39337268e15b66935d4e87d472ff67ec7be201aad8e584761f9
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: 77F031B5100710ABD220DB54CD49B56B7F8FB48B11F108A59F69297690C6B4F514CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004147F0: #324.MFC42(00000082,?,?,?,?,?,?,?,00416F94,000000FF,00414516,00000000), ref: 0041481A
          • Part of subcall function 004147F0: #384.MFC42(00000082,?), ref: 0041482C
          • Part of subcall function 004147F0: #384.MFC42(00000082,?), ref: 0041483B
          • Part of subcall function 004147F0: #2097.MFC42(00000086,00000010,00000000,00FF00FF,00000082), ref: 00414878
          • Part of subcall function 004147F0: #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041488D
          • Part of subcall function 004147F0: #2243.MFC42(0000005A,Times New Roman,00000000,00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,00000082), ref: 0041489D
        • #2514.MFC42 ref: 00414525
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42 ref: 0041455A
        • #686.MFC42 ref: 00414573
        • #686.MFC42 ref: 00414584
        • #641.MFC42 ref: 00414598
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414$#686$#2097#384$#2243#2514#324#641#800
        • String ID:
        • API String ID: 1563738909-0
        • Opcode ID: a14005c149493bd293a14327aa68ab3f85631f3761d1a8af641123a6442d78e0
        • Instruction ID: 328fc28a92ca30d3b295b4c104a2372331d45d5faf40ecf3b55bfc36585a0dff
        • Opcode Fuzzy Hash: a14005c149493bd293a14327aa68ab3f85631f3761d1a8af641123a6442d78e0
        • Instruction Fuzzy Hash: 6E110574048B80DAD325EF61C589BDEBBE0BB95B14F404B1EA5A9123E1DB785888CB17
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #3797.MFC42(?,00409A2B), ref: 0040C7F3
        • GetDlgItem.USER32(?,00000000), ref: 0040C806
        • #6242.MFC42(00000000,?,?,00409A2B), ref: 0040C810
        • #6215.MFC42(00000000,?,00000000,?,?,00409A2B), ref: 0040C82E
        • #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,00409A2B), ref: 0040C83E
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3797#4284#6215#6242Item
        • String ID:
        • API String ID: 163676089-0
        • Opcode ID: 2c3bfdd1120c5fbe994a1f395f816aa30408533a2e0fe5cee5fb19924655f403
        • Instruction ID: 2408ea8cddacdb7618da9cfe026111adc03aa04f45775504e8b2c428eec548e0
        • Opcode Fuzzy Hash: 2c3bfdd1120c5fbe994a1f395f816aa30408533a2e0fe5cee5fb19924655f403
        • Instruction Fuzzy Hash: 55F0E532740A11E3D620A7249C12FFF7359ABC4705F04452EF2129B1C0CEB8A8C2879C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,?,1000DE2D,?), ref: 10006383
        • memmove.MSVCR100 ref: 100063AF
        • ??3@YAXPAX@Z.MSVCR100 ref: 100063C7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@memmove
        • String ID: vector<T> too long
        • API String ID: 1993728168-3788999226
        • Opcode ID: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction ID: 666fb908681a4cb4fcb84fde5cab495aadc7bf52184e8f2216cd687e136a9d11
        • Opcode Fuzzy Hash: 872066b52b93cc5dfea106d783281baa88bc6912c72efad5d30cbc67ce893369
        • Instruction Fuzzy Hash: 2401D4B16002059FE718CF68CCD982AB7E9EB18240724462DE847C3344E730F950CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: memcpy
        • String ID:
        • API String ID: 3510742995-0
        • Opcode ID: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction ID: 61b773e0558493be9a29dabd4f951307aa74c3da6f26a6b18387d70fbbbfb126
        • Opcode Fuzzy Hash: 293340106a15c383e6148403b35f3045621586e8ed652ffc2c95466217da5966
        • Instruction Fuzzy Hash: E2613B75A01606EFEB48CF69C580AD9B7E5FF48390F50866EE85AC7744EB70E944CB80
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcessHeap.KERNEL32(00000000,?,00000000,006962CE), ref: 00696452
        • HeapFree.KERNEL32(00000000), ref: 00696459
        • VirtualFree.KERNEL32(?,00000000,00008000,006962CE), ref: 0069646F
        • GetProcessHeap.KERNEL32(00000000,00000000,006962CE), ref: 00696478
        • HeapFree.KERNEL32(00000000), ref: 0069647F
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Heap$Free$Process$Virtual
        • String ID:
        • API String ID: 1594822054-0
        • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction ID: 1823bee922dcf6360313b4e1f44f12e28732c8b9bd2b0e8e350307d4d4629d7e
        • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction Fuzzy Hash: EC113071200710EFEA30CFA5CC88F5673EAAB48B11F10C518F15687691C774F841CB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,0069DC23), ref: 0069F297
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,0069DC23), ref: 0069F336
          • Part of subcall function 00691704: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00691725
        • InterlockedExchange.KERNEL32(?,00000000), ref: 0069F4C4
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,0069DC23), ref: 0069F4CA
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
        • String ID:
        • API String ID: 106064292-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 93cbccf9ce3e75dba39c9120b8cb9cd466e8be2a3375a6104d4c061ffd901dad
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: C481C8B0A01A46BFE745DF6AC9C479AFBA8FB09304F50422EE12DC7640D775A964CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AED3
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AF1D
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100 ref: 1000AF6D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000AFB4
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,408982D5,00000000,00000000,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction ID: b77b04452d26876befaaa33bba6244ff55552589dcca94bb0683c8122b0cb0e2
        • Opcode Fuzzy Hash: 449b00f5e2875dfacd6aeb1647be1e99ff031ffd97b3c0092a8184af2a9185d9
        • Instruction Fuzzy Hash: 976164B4A0428A9FEF04DFA4C890BEEBBB1FF45394F108169E815AB345D730AD45CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A40D
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A457
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?), ref: 1000A4A7
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000A4EE
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 10009B60: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,408982D5,00000000,00000000,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41), ref: 10009B90
          • Part of subcall function 10009B60: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 10009BAC
          • Part of subcall function 10009B60: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10009BCB
          • Part of subcall function 10009B60: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 10009C41
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@Decref@facet@locale@std@@Lockit@std@@V123@$??0_??1_Bid@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Locimp@12@
        • String ID:
        • API String ID: 2358051495-0
        • Opcode ID: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction ID: 064e6777206eaa59b6d0f19c807af86857d994d2322ab606cc61307b9a3a3038
        • Opcode Fuzzy Hash: 056202c38db79e4a976b65149065087527ad26e5d749b1621d3dcdd40697216b
        • Instruction Fuzzy Hash: CC616274E002899FEF04DFA8C8947DDBBB1FF4A394F108269E815AB345D770A985CB51
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: 60f58bd7b7a4cb753be2fdb3c24920ccb6a8488a8f807795fae5701310a2e308
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 283191B1600300AFEB60DF68CC85F6A77EEEF89710F144159FA09CB742E6B1E9108B95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0069DEEE
        • Thread32First.KERNEL32(00000000,?), ref: 0069DF05
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 0069DFE6
        • CloseHandle.KERNEL32(00000000), ref: 0069DFF5
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0069E061
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0069E07E
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0069E13D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0069E17C
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0069E1BB
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0069E1FA
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0069E239
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0069E278
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0069E2B7
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0069E2F6
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0069E335
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0069E374
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0069E3B3
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0069E3F2
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0069E431
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0069E481
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0069E495
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0069E4C3
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0069E4E0
        • CloseHandle.KERNEL32(?), ref: 0069E4FE
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0069E519
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
        • String ID:
        • API String ID: 1747700738-0
        • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction ID: 901a544b58c4967ccedfb6c9df4ca057f61c0a2ff469e89c54369392fac2401a
        • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction Fuzzy Hash: 053152B1A002059FDF14CF65C985AAEB7FAFB48715B108A3EE917D7B81E770A940CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM ref: 006945F2
        • InterlockedExchange.KERNEL32(?,00000000), ref: 00694601
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 0069464F
          • Part of subcall function 00694104: GetCurrentThreadId.KERNEL32 ref: 00694109
          • Part of subcall function 00694104: send.WS2_32(?,1001242C,00000010,00000000), ref: 0069416A
          • Part of subcall function 00694104: SetEvent.KERNEL32(?), ref: 0069418D
          • Part of subcall function 00694104: InterlockedExchange.KERNEL32(?,00000000), ref: 00694199
          • Part of subcall function 00694104: WSACloseEvent.WS2_32(?), ref: 006941A7
          • Part of subcall function 00694104: shutdown.WS2_32(?,00000001), ref: 006941BF
          • Part of subcall function 00694104: closesocket.WS2_32(?), ref: 006941C9
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 4080316033-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: c7d0c30c80e044bb2eea589ce2e2cac3c8f937b812fc4d64c4cefeadf1d56e12
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: 60318CB2600704ABD620EF69DC84B97B3E9FF99710F004A0EF58AC3650DA31E815CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(408982D5,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(6CF90A41,408982D5,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
        • realloc.MSVCR100 ref: 1000ADA8
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
        • String ID:
        • API String ID: 614970593-0
        • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
        • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: ObjectSelect$#2864Parent
        • String ID:
        • API String ID: 1399990326-0
        • Opcode ID: c8689ef5a7c8cac20365f2425885433abe2a44d1108151bc809041562ab1a363
        • Instruction ID: 15f46b8a9ea0470eb7eb0db59e30638534b6459c629e3472e09141482f2f0991
        • Opcode Fuzzy Hash: c8689ef5a7c8cac20365f2425885433abe2a44d1108151bc809041562ab1a363
        • Instruction Fuzzy Hash: 152183323001009BCB54DF59C888AEBB3A9FF88711B15446AF985AB391C738EC12CBD9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalFree.KERNEL32(?), ref: 004017A4
        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004017BF
        • GlobalAlloc.KERNEL32(00000040), ref: 004017D9
        • #3286.MFC42(00000000), ref: 004017FD
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Global$#3286AllocFreeMessageSend
        • String ID:
        • API String ID: 2333393167-0
        • Opcode ID: af3ac01dd7baa738893183f4f313676d738051f89685205a3e1073b3764f02bb
        • Instruction ID: 07af90eeff1af71cd945f9cffb9a0e06284ec2ecc1341b1c46cfef73ac42a9d5
        • Opcode Fuzzy Hash: af3ac01dd7baa738893183f4f313676d738051f89685205a3e1073b3764f02bb
        • Instruction Fuzzy Hash: AB2171722007059FC320EF99D8C4D6BB7E9EB48701B04493EF146D7660DB34A944CBA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(408982D5,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7BA
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(0000005E,408982D5,0000005E,?,00000005,?,00000000,10010900,000000FF,?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C7D5
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,1000BED7,?,10012890,00000000,0000005E,?), ref: 1000C80F
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(00000000,?,1000BED7,?,10012890,00000000,0000005E,?,?,?), ref: 1000C82A
          • Part of subcall function 10008B50: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(10008769,408982D5,00000000,00000000,?,1000ABBA,00000000,00000000,00000001,?,6CF90A41,00000000,10009965), ref: 10008B55
          • Part of subcall function 1000D120: ??0_Lockit@std@@QAE@H@Z.MSVCP100(00000000,408982D5,?,00000000,00000001,?,6CF90A41,00000000), ref: 1000D14E
          • Part of subcall function 1000D120: ??Bid@locale@std@@QAEIXZ.MSVCP100 ref: 1000D169
          • Part of subcall function 1000D120: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 1000D188
          • Part of subcall function 1000D120: ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP100(?,00000000), ref: 1000D1B1
          • Part of subcall function 1000D120: ??0bad_cast@std@@QAE@PBD@Z.MSVCR100(bad cast,?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1C7
          • Part of subcall function 1000D120: _CxxThrowException.MSVCR100(10013774,10013774), ref: 1000D1D6
          • Part of subcall function 1000D120: ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,10007D4F,?), ref: 1000D1E8
          • Part of subcall function 1000D120: std::locale::facet::_Facet_Register.LIBCPMT ref: 1000D1EF
          • Part of subcall function 1000D120: ??1_Lockit@std@@QAE@XZ.MSVCP100 ref: 1000D201
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: D@std@@$?tolower@?$ctype@Decref@facet@locale@std@@Incref@facet@locale@std@@Lockit@std@@V123@$??0_??0bad_cast@std@@??1_Bid@locale@std@@ExceptionFacet_Getcat@?$ctype@Getgloballocale@locale@std@@Locimp@12@RegisterThrowV42@@Vfacet@locale@2@std::locale::facet::_
        • String ID:
        • API String ID: 2639648381-0
        • Opcode ID: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction ID: 0dae501bc556696bb7c4d7e10b9c2053542ed37b5a19796234fa89d0372f365e
        • Opcode Fuzzy Hash: 6a284c164bc27036cdb149f7c846f4b08b46234479203fd19fc163e45664265a
        • Instruction Fuzzy Hash: 773141B560160AAFEB04DF64C894B6EB7B5FF49750F00C25DE92997394DB34E900CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 100011E9
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
        • memcpy.MSVCR100 ref: 10001243
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001256
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
        • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0040E860: #3092.MFC42(00000000,0040A60D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040E862
          • Part of subcall function 0040E860: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040E878
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DBB6
        • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DBDB
        • #3293.MFC42(?,?,00000000,?,00000000,?), ref: 0040DBFA
        • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DC22
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3092#3293
        • String ID:
        • API String ID: 321520759-0
        • Opcode ID: 5e3df3e569e7818bdded95cbe6a4456cad5093cfb314d850570bc8d8328560f4
        • Instruction ID: d12d205e120f1eb49d295b4a066c6ccf0350d75b0211d872283c61e1aabd6704
        • Opcode Fuzzy Hash: 5e3df3e569e7818bdded95cbe6a4456cad5093cfb314d850570bc8d8328560f4
        • Instruction Fuzzy Hash: D62138B1608301ABD314DF59C881E2BF7E5FBC8758F148A2EF588A7381D674E8458B69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 100043EC
          • Part of subcall function 100012C0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 100012EB
          • Part of subcall function 10001280: memcpy.MSVCR100 ref: 100012A1
          • Part of subcall function 100041E0: EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CED017C,10004C5B,?,?,?,?,00000000,000000FF), ref: 100041E8
          • Part of subcall function 100041E0: LeaveCriticalSection.KERNEL32(10004DBB,?,?,?,00000000,000000FF), ref: 100041F6
          • Part of subcall function 10004A70: HeapFree.KERNEL32(?,00000000,?,00000000,10004C5B,?,100042C8,10004C5B,00000000,?,6CED017C,10004C5B,?), ref: 10004A97
        • SetLastError.KERNEL32(00000000,?), ref: 100043D7
        • SetLastError.KERNEL32(00000057), ref: 10004401
        • WSAGetLastError.WS2_32(?), ref: 10004410
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeavememcpy
        • String ID:
        • API String ID: 993608311-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: c83054a75a0c69128b26031afe2b7a8ad0b6ec7a765fcb7c10a623894899581c
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: 44110676A0512C9BEB00DF69E8846DEB7E8EF882B2B4141B6FC0CD3205DB31DD1186D4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 00694590
          • Part of subcall function 00691464: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 0069148F
          • Part of subcall function 00694384: RtlEnterCriticalSection.NTDLL(00694F5F), ref: 0069438C
          • Part of subcall function 00694384: RtlLeaveCriticalSection.NTDLL(00694F5F), ref: 0069439A
          • Part of subcall function 00694C14: HeapFree.KERNEL32(?,00000000,?,00000000,00694DFF,?,0069446C,00694DFF,00000000,?,100122A8,00694DFF,?), ref: 00694C3B
        • SetLastError.KERNEL32(00000000,?), ref: 0069457B
        • SetLastError.KERNEL32(00000057), ref: 006945A5
        • WSAGetLastError.WS2_32(?), ref: 006945B4
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
        • String ID:
        • API String ID: 2160363220-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: 6f6a09b03b9bba37536b739f2d8e8832f091200e2d341c4aac508d6336c431f4
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: E111A733A0112C9BDF10EF69A8849DEB7ADEB89721B5545AAFC0CD7701DA35CD1186D0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32 ref: 004100E6
        • #6907.MFC42(00000000,?,?,00000000), ref: 004100FF
        • SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 00410113
        • #6907.MFC42(?,?,?,00419F40,?,?), ref: 00410138
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6907MessageSend
        • String ID:
        • API String ID: 3495772279-0
        • Opcode ID: c54e1559d51c5afb4d34dc881bde1bd484b537c2762c494e4e17d70a71b287c5
        • Instruction ID: f9bcfbdfb13ecff40a37b224b4e33d159a941da1e2cde92e1080825855db3606
        • Opcode Fuzzy Hash: c54e1559d51c5afb4d34dc881bde1bd484b537c2762c494e4e17d70a71b287c5
        • Instruction Fuzzy Hash: 55119D713052026BD214EA19DC80DABB3E9FFC8364F444A1EF95897390DB79EC818BA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 1000112F
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
        • memcpy.MSVCR100 ref: 1000117C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
        • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32 ref: 00410046
        • #6907.MFC42(00000000,?,000000FF,00000000), ref: 00410059
        • SendMessageA.USER32(?,0000100D,00000000,00419F40), ref: 0041006D
        • #6907.MFC42(?,?,000000FF,00419F40,?,?), ref: 0041008D
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #6907MessageSend
        • String ID:
        • API String ID: 3495772279-0
        • Opcode ID: 510b392a0d6332e4f4873f4fdbb564b9774c95447bacfd4461a23000c3d3785d
        • Instruction ID: dc864a712261c93fcf170dca1640330c129863e3eb2bd9dfee2ad648ad627b97
        • Opcode Fuzzy Hash: 510b392a0d6332e4f4873f4fdbb564b9774c95447bacfd4461a23000c3d3785d
        • Instruction Fuzzy Hash: E711C6313043126BD214E619DC40EABB7D8EBC8374F04471EF968933D1DA79EC8587A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401AE4
        • #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B19
        • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00401B3C
        • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401B5A
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: MessageSend$#3998#6007
        • String ID:
        • API String ID: 1326147382-0
        • Opcode ID: 15fb5e9df04955d8139b4d5beaebcd6daf4fa60375773543a8c95e47007ee4db
        • Instruction ID: 65168cfb12a8fd8d3a401fb41d0b69fa2b6fab217c9cfb2bdefbdd0278d03a9a
        • Opcode Fuzzy Hash: 15fb5e9df04955d8139b4d5beaebcd6daf4fa60375773543a8c95e47007ee4db
        • Instruction Fuzzy Hash: BD112E75344205BBE324CE44CC82F56B365AB85B14F204619B6256F2C1C6B1F842CBA8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAEventSelect.WS2_32(?,10003ABB,00000023), ref: 10003C02
        • WSAGetLastError.WS2_32 ref: 10003C0D
        • send.WS2_32(?,00000000,00000000,00000000), ref: 10003C58
        • WSAGetLastError.WS2_32 ref: 10003C63
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ErrorLast$EventSelectsend
        • String ID:
        • API String ID: 259408233-0
        • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction ID: 1e34e906bf1f561d7e2ad43756d4eb31c95bef378edec9e2eb53c750d2609e08
        • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction Fuzzy Hash: E7113AB6600B509BE320CB79D8C8A47B7E9FB88750F018A2DF9A6C3695D735E9008B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAEventSelect.WS2_32(00693C5F,00000001,00000023), ref: 00693DA6
        • WSAGetLastError.WS2_32 ref: 00693DB1
        • send.WS2_32(00000001,00000000,00000000,00000000), ref: 00693DFC
        • WSAGetLastError.WS2_32 ref: 00693E07
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: ErrorLast$EventSelectsend
        • String ID:
        • API String ID: 259408233-0
        • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction ID: 252d556eb959129e9bee480f5be5c73691913aa8cfdf44211c12514a06f5f081
        • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction Fuzzy Hash: C31151B16007105BEB209F79D8C8A97B6FABF88710F104A1EF566C7B90D735E911CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,408982D5,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,408982D5,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,?,00000000,00000000), ref: 10007B07
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
        • String ID:
        • API String ID: 3901553425-0
        • Opcode ID: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction ID: efe17ea185d12684d878693edc1b18e8d1ff87ead5748dc24528a512154253e9
        • Opcode Fuzzy Hash: 0d66f02610cb32ddf7a48d5da25bd043cb699dfd9be82cbdc91313d671d818d3
        • Instruction Fuzzy Hash: CC215874B00601DFE714CF98C990AADBBB1FB89354B21829DE91A97391C735EE02CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #4171.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 004092EB
        • #6311.MFC42(00000000,?,00000000,00000000,00408F76,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040931A
        • atoi.MSVCRT ref: 00409324
        • atoi.MSVCRT ref: 00409347
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: atoi$#4171#6311
        • String ID:
        • API String ID: 2874515399-0
        • Opcode ID: 5634b64e660e85bf2a08f1bc62431a10aa0e11623e8f56c37f5376e058f5a749
        • Instruction ID: 4e538b6d0d54c3787feeade5485a61fd55d35725d4af0d967ff2f29effe0b47f
        • Opcode Fuzzy Hash: 5634b64e660e85bf2a08f1bc62431a10aa0e11623e8f56c37f5376e058f5a749
        • Instruction Fuzzy Hash: C211A1353082959FC700CF5EA844BABBB96AFC9310F04897EE89D87342C7349855CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalAlloc.KERNEL32(00000040,00000088,?,-00000001,00412DFE,0041E5D4,000000FD,?,?,?,769A3E40), ref: 00412E72
        • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00412E8C
        • #823.MFC42(00000088,?,?,?,769A3E40), ref: 00412E9A
        • lstrcpyA.KERNEL32(00000008,?,769A3E40), ref: 00412EB6
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: AllocGlobal$#823lstrcpy
        • String ID:
        • API String ID: 3586439457-0
        • Opcode ID: 7e7d2c31a4620e83ed626e225e7b40ae6f9b9f5d1d17a34bd376cbd7f63539d8
        • Instruction ID: b7b0b0cc079fc0364bf160c095c07b476642a0dc7e24dd59a4a16415926b77af
        • Opcode Fuzzy Hash: 7e7d2c31a4620e83ed626e225e7b40ae6f9b9f5d1d17a34bd376cbd7f63539d8
        • Instruction Fuzzy Hash: AB019EB43007409FE354CF29C845B6BB7E4FB98304B00882EF68AC3340EBB4E8558B54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 006958E8
        • Process32First.KERNEL32(00000000,00000128), ref: 006958F8
        • Process32Next.KERNEL32(00000000,00000128), ref: 00695921
        • CloseHandle.KERNEL32(00000000), ref: 00695934
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
        • String ID:
        • API String ID: 420147892-0
        • Opcode ID: cec46aac5fe3cb61888bab4e576d3b82cca15904472a454a76a8808f448acc43
        • Instruction ID: dcf8c21e74b5918dbd4c7017c8a5af58db002bec978b806eeb05b0d6d6cbbbc7
        • Opcode Fuzzy Hash: cec46aac5fe3cb61888bab4e576d3b82cca15904472a454a76a8808f448acc43
        • Instruction Fuzzy Hash: 1C018471601228EFEB229F648D85AFB73BDEF48351F0041A9E90A87241DB70DE55CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(10004DBB,10004C5B,100042BE,00000000,?,6CED017C,10004C5B,?,?,?,?,00000000,000000FF), ref: 100041E8
        • LeaveCriticalSection.KERNEL32(10004DBB,?,?,?,00000000,000000FF), ref: 100041F6
        • LeaveCriticalSection.KERNEL32(10004DBB), ref: 10004257
        • SetEvent.KERNEL32(207E8915), ref: 10004272
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: 96050006febd72b84065b66e0954a009dcf70bb20e51a277782550e92b998592
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: 4911E5B0600B01AFE714DF75C988A96B7F5FF58341B56C92DE55E87225EB30E811CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(00694F5F), ref: 0069438C
        • RtlLeaveCriticalSection.NTDLL(00694F5F), ref: 0069439A
        • RtlLeaveCriticalSection.NTDLL(00694F5F), ref: 006943FB
        • SetEvent.KERNEL32(207E8915), ref: 00694416
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: 9d7b3872baf6c0ac44d8201b85f1afb16f25002a444dfab2c754a4b24a470c0f
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: E911C2B0600B04AFDB24CF75C9D4AE6B7E9BF58300B14C92DE55E87611EB30E812CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM(00000001,?,00000001,?,10003C4F,?,?,00000001), ref: 10004995
        • InterlockedIncrement.KERNEL32(00000001), ref: 100049A4
        • InterlockedIncrement.KERNEL32(00000001), ref: 100049B1
        • timeGetTime.WINMM(?,10003C4F,?,?,00000001), ref: 100049C8
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: IncrementInterlockedTimetime
        • String ID:
        • API String ID: 159728177-0
        • Opcode ID: d480a566bf8ea02440bbfbc18ff1b89ec0723378f9458e3ac105e114cf56c358
        • Instruction ID: 388a31e28c4315a2b80f9eb1b1731ff0b6962f18e2323a641fbf2073ec4b61e2
        • Opcode Fuzzy Hash: d480a566bf8ea02440bbfbc18ff1b89ec0723378f9458e3ac105e114cf56c358
        • Instruction Fuzzy Hash: 07011AB16007059FD720DFAAD88094AFBF8FF58650701892EE549C7711EB74EA448FE4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #470#755ClientRectVisibleWindow
        • String ID:
        • API String ID: 2977826925-0
        • Opcode ID: b1f4e1f25df3d37329986854d6e9019275d49ad15842e48ddad6b849f05959d2
        • Instruction ID: 1519f1119bf27b188b0bf3c5c4b8e9847cb309b54cc179c3bcb244cfd42cd380
        • Opcode Fuzzy Hash: b1f4e1f25df3d37329986854d6e9019275d49ad15842e48ddad6b849f05959d2
        • Instruction Fuzzy Hash: 2B014071204B419BD724DF24C941BEB77E8FB84711F100A2EA4A6932D0DB38E945CF96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: CloseSleep
        • String ID:
        • API String ID: 2834455192-0
        • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction ID: 39cc8fc6b077883dd7dcfc9239238afea0eae5d2b6d27cc82e007f5f15689cfb
        • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction Fuzzy Hash: 0F01D1B1104321FBEA04EBA5CC89E6B77ADEB68304F108908F744964A1E730EC20DB27
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 100036A7
        • free.MSVCR100(?), ref: 100036DC
        • malloc.MSVCR100 ref: 10003718
        • memset.MSVCR100 ref: 10003727
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CreateTimerWaitablefreemallocmemset
        • String ID:
        • API String ID: 3069344516-0
        • Opcode ID: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction ID: e76cd7351c069e8dc2573ffc5f75bc7c557aaaa7039b3712dd61b8e0fe7f7cd0
        • Opcode Fuzzy Hash: 7ffc0e3634f6d55e840263d36cb42b1596663d62b64db215125b675f1c63e2b2
        • Instruction Fuzzy Hash: 7401A9F5900B04DFE360DF7A8885B97BBE9EB45244F10882EE5AE83301C675A8448F20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004024B0: #3092.MFC42(00000000), ref: 004024BD
          • Part of subcall function 00402DB0: #324.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DD5
          • Part of subcall function 00402DB0: #567.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DE7
          • Part of subcall function 00402DB0: #567.MFC42(00000066,?,?,?,?,?,00415AD3,000000FF), ref: 00402DFF
        • #2514.MFC42 ref: 0040F202
        • #692.MFC42 ref: 0040F22B
        • #692.MFC42 ref: 0040F23C
        • #641.MFC42 ref: 0040F250
          • Part of subcall function 00402290: #3092.MFC42(00000000), ref: 004022A1
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #3092#567#692$#2514#324#641
        • String ID:
        • API String ID: 2457609574-0
        • Opcode ID: 8b0c1a5412d35a957c39f2de7a90c47505531eabfef723a9fa47a9d341331637
        • Instruction ID: 5a0283a537d62c20cf679f0c3ddb2408d2df397c9c6cda289bb286ce79eee15f
        • Opcode Fuzzy Hash: 8b0c1a5412d35a957c39f2de7a90c47505531eabfef723a9fa47a9d341331637
        • Instruction Fuzzy Hash: D911A1304447529BC334EB10C455BFAB7D4BF80714F000A3EA0AA53AC2DB7C5445C78A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136A0
        • #686.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136B6
        • #686.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136C6
        • #784.MFC42(?,?,?,?,?,?,?,00413628), ref: 004136D5
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414$#686$#784#800
        • String ID:
        • API String ID: 3026072876-0
        • Opcode ID: 675f26117ef954a6f93b9afec8f3ef7c8d9fa306aa560c4b23f36852fbedbdad
        • Instruction ID: cc95cc9ff5ba107c2d71315eb9d2b6da0866002cb2946d0adfe30b866be698f6
        • Opcode Fuzzy Hash: 675f26117ef954a6f93b9afec8f3ef7c8d9fa306aa560c4b23f36852fbedbdad
        • Instruction Fuzzy Hash: EE015E70108B82DEC314DF29C4417CAFBE4BFA4724F54491FE4A543392DBB85188CBA6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(00000000,?,?,1000ED78), ref: 1000EE93
        • HeapCreate.KERNEL32(?,?,?,?,?,1000ED78), ref: 1000EEA5
        • free.MSVCR100(?), ref: 1000EEB5
        • HeapDestroy.KERNEL32(?), ref: 1000EEE3
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Heap$Destroyfree$CreateFree
        • String ID:
        • API String ID: 3907340440-0
        • Opcode ID: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction ID: 2b6ea0b1bf14b454bcfa0d9d0ec2d02c0ea479da0eae51473de9a487cb0356fb
        • Opcode Fuzzy Hash: b1509eb4fa1f50dd4b715a8476552b15a61397a13ed41f3b0dd497090e859274
        • Instruction Fuzzy Hash: B5F037F9100652ABE710DF24D848B67BBF8FF84790F118518E96993654DB35E821CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409713
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409729
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409741
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409759
          • Part of subcall function 004096B0: #686.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409799
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097B5
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097D7
          • Part of subcall function 004096B0: #800.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 004097ED
          • Part of subcall function 004096B0: #2414.MFC42(?,?,?,?,?,?,?,?,?,00409698), ref: 00409809
        • #2414.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414604
        • #686.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414617
        • #686.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414624
        • #641.MFC42(?,?,?,?,?,?,?,00416F51,000000FF), ref: 00414633
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414$#686$#641#800
        • String ID:
        • API String ID: 2903208339-0
        • Opcode ID: 1b792ba0bbb305c2dc51db22c123b59f0714f5ea113a5899614e18a9afdbc8da
        • Instruction ID: 8f4089895f77b8abc982e886fc642f3fbc7342fd6abf2a13a125c5b034eb10d7
        • Opcode Fuzzy Hash: 1b792ba0bbb305c2dc51db22c123b59f0714f5ea113a5899614e18a9afdbc8da
        • Instruction Fuzzy Hash: 4801B170004B82DFC311DF19C44138ABFE4AFA0720F500A0EE491437A2CBB89188CB96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
        • _beginthreadex.MSVCR100 ref: 1000F46F
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
        • CloseHandle.KERNEL32(?), ref: 1000F48A
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
        • String ID:
        • API String ID: 92035984-0
        • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
        • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414
        • String ID:
        • API String ID: 3739888808-0
        • Opcode ID: b43ad747ddb974d1523d16e339f9a3478cdd00430e4c233c5f89384e193527c7
        • Instruction ID: 93b45de41bcc5ba9fdbd138b294598631825f68be7c5dcfd1f45a7b6625ac36f
        • Opcode Fuzzy Hash: b43ad747ddb974d1523d16e339f9a3478cdd00430e4c233c5f89384e193527c7
        • Instruction Fuzzy Hash: C4F05E34701702E7DB39FB268590BFB73A86F01704748C41F996AC6351DB2AE882C6A8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2379#2864#5981Parent
        • String ID:
        • API String ID: 1933159328-0
        • Opcode ID: d30cba25ed0dab19cb902c3ba0322cde77d5064d46c98209e01d518f1e872683
        • Instruction ID: fcaf373daaa2658889019310cbe4dff29400d948bb2b958b6c98e6fd2191a6cc
        • Opcode Fuzzy Hash: d30cba25ed0dab19cb902c3ba0322cde77d5064d46c98209e01d518f1e872683
        • Instruction Fuzzy Hash: 7ED0127690410097C614ABA58448DEE3755FB94308B54495FF454DA152CB7ED881CA1E
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2379#2864#5981Parent
        • String ID:
        • API String ID: 1933159328-0
        • Opcode ID: d7e734f5d25ea9c1470851c901eea40d5330e1e85b6d7369b3846af47297b0cb
        • Instruction ID: c0d70dc072b2510f590ba786235cd8a71ecdbcf86b2f1744455a9fd37a4cb7d7
        • Opcode Fuzzy Hash: d7e734f5d25ea9c1470851c901eea40d5330e1e85b6d7369b3846af47297b0cb
        • Instruction Fuzzy Hash: 2ED0C7B6900604DBCA00BBB194099DE7795BBD4309F50C4AEF4595B142CB7E8452CF19
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: Cursor$#1168#2379Load
        • String ID:
        • API String ID: 1099151914-0
        • Opcode ID: abeb859472e598c54423de924772c2d2d2ed392454b94daad15af5100491cf39
        • Instruction ID: 7644bc87213bd79a3cd947c37665fd61c37f95182656d3fb1eceac38ebd14046
        • Opcode Fuzzy Hash: abeb859472e598c54423de924772c2d2d2ed392454b94daad15af5100491cf39
        • Instruction Fuzzy Hash: 6AD0C93DA483409AE6016BB16C09FDE3714BBA170AF2480AEB559592C2C96A4052C939
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2379#2864#5981Focus
        • String ID:
        • API String ID: 3515412747-0
        • Opcode ID: a0b1e324b5e0ff02e583b99e54f571aa0f616b567de08cc82e74d559d0c82ca0
        • Instruction ID: e32edee88dd4a72563682126d0a75ab8824ba07c28201cf303c44bf40dea7885
        • Opcode Fuzzy Hash: a0b1e324b5e0ff02e583b99e54f571aa0f616b567de08cc82e74d559d0c82ca0
        • Instruction Fuzzy Hash: 41C08C37A01830CB896533B12C258EE12088BC9B0830588AFF40587289CEBC8CC24ADE
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
        • memcpy.MSVCR100 ref: 1000D514
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: string too long
        • API String ID: 4248180022-2556327735
        • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
        • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
        • memcpy.MSVCR100 ref: 1000D8B2
          • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
          • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
          • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
        • String ID: string too long
        • API String ID: 433638341-2556327735
        • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
        • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,408982D5,15555555,?,?,?,00000000), ref: 10008C1D
        • ??3@YAXPAX@Z.MSVCR100 ref: 10008C78
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: ??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2313657577-3788999226
        • Opcode ID: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction ID: fb7adf7a1d09ac6a26db31f93637622f031e953306e888bd675b0b75f72f74ca
        • Opcode Fuzzy Hash: 9a83d36fbfb638db961d7a31547c514b1997ce75b6eecc0e1d04d2e11d5e090a
        • Instruction Fuzzy Hash: A4218EB6A00606AFD704DF5CC980E9AB7F4FB88350F518629E9159B384DB30AA14CBD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
          • Part of subcall function 1000D7C0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,1000D897,00000000,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D7CA
        • memcpy.MSVCR100 ref: 1000D433
        Strings
        • invalid string position, xrefs: 1000D3D2
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: invalid string position
        • API String ID: 4248180022-1799206989
        • Opcode ID: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction ID: 52917fc2c828b592c0c48c691309feb71193cfbfd6d654fc01bcf82dc82b710e
        • Opcode Fuzzy Hash: df7d152df127735749b44c329bdd5476570f8b5ed3841f538e0551897f30d81d
        • Instruction Fuzzy Hash: B311CE363002119BE714EE6CE8C0AADB7A6FB942A0B54022FF545CB645D771F994C7F1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • gethostname.WS2_32(?,00000100), ref: 006966DC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096207169.000000000068E000.00000040.00000020.00020000.00000000.sdmp, Offset: 0068E000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_68e000_setup.jbxd
        Similarity
        • API ID: gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 144339138-2058306683
        • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction ID: 86851871699bd069841b35480347ede3e05f7b6c58cd882cd594728f2ac51f10
        • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction Fuzzy Hash: 90110BB0A412259FEB11EF24CC91B6D77B9EF49300F1080A9F608A7291E770DA55CF5A
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,?,?,1000767F,?,408982D5), ref: 1000D2C8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xlength_error@std@@
        • String ID: string too long
        • API String ID: 1004598685-2556327735
        • Opcode ID: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction ID: 7c290e37c21cc128044187aa2d57a67ac510d619e09b39ca63a5e6919b49c54c
        • Opcode Fuzzy Hash: 3c131e6b9e6b17594a7e0cc3f14dc45da2350b39c1dba3c0898a3188cf6e27a3
        • Instruction Fuzzy Hash: 36118271305641DFF724EE5C9980B1DB7A9FF61290F14012BF9128B295D7B1EA90C6B2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,?,1000D3F8,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D34F
        • memmove.MSVCR100 ref: 1000D386
        Strings
        • invalid string position, xrefs: 1000D34A
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: Xout_of_range@std@@memmove
        • String ID: invalid string position
        • API String ID: 1894236298-1799206989
        • Opcode ID: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction ID: 7c4033c306467bb4ef33dfaef203c6491ed6da220de6590d554043c3ccb312a9
        • Opcode Fuzzy Hash: e6aaa160f3b63e3508c7893998a553bedfdfc6d2f201c62153f70d28e87497b3
        • Instruction Fuzzy Hash: 8F0171B13046008BE721DA6CEC8861EB7E6EBC1680B254A1DE182C764DD671DD828762
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #860.MFC42 ref: 00413748
        • SetRect.USER32(?,0000000F,0000000A,0000000A,0000000A), ref: 0041375C
          • Part of subcall function 00410550: #2414.MFC42 ref: 0041056A
          • Part of subcall function 00410550: #2414.MFC42 ref: 00410580
          • Part of subcall function 00410550: #2414.MFC42 ref: 00410596
          • Part of subcall function 00410550: #2414.MFC42 ref: 004105AC
          • Part of subcall function 00410550: GetDeviceCaps.GDI32(?,0000000A), ref: 004105C1
          • Part of subcall function 00410550: GetDeviceCaps.GDI32(?,00000008), ref: 004105CD
          • Part of subcall function 00410550: SetRect.USER32(?,00000000,00000000,00000000,?), ref: 004105E1
          • Part of subcall function 00410550: DPtoLP.GDI32(?,?,00000002), ref: 004105EE
          • Part of subcall function 00410550: #3908.MFC42(?), ref: 00410647
          • Part of subcall function 00410550: #3908.MFC42(?,?), ref: 00410653
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.2095669602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.2095652952.0000000000400000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095723053.0000000000418000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095740183.000000000041E000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.000000000041F000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.2095756525.0000000000427000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_400000_setup.jbxd
        Similarity
        • API ID: #2414$#3908CapsDeviceRect$#860
        • String ID: here's the data name
        • API String ID: 3079116590-3511830258
        • Opcode ID: 8619c5fff9c4a79fee2a3775f34b3be6f997dcfe6bfe4b09a72992116e738401
        • Instruction ID: 27673d4f9ffca9e8097bc8676f97decaacbf51bd08d65f14ba44668c9589ae43
        • Opcode Fuzzy Hash: 8619c5fff9c4a79fee2a3775f34b3be6f997dcfe6bfe4b09a72992116e738401
        • Instruction Fuzzy Hash: C8E0DF35600300BAE220EB20DC8AFD7B3A8EB68700F10881EB55A161C0DBB8B980CB25
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
        • memset.MSVCR100 ref: 10005D11
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
        • memcpy.MSVCR100 ref: 10005D39
        Memory Dump Source
        • Source File: 00000000.00000002.2096666610.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000000.00000002.2096652927.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096689216.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096712024.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000000.00000002.2096728019.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_10000000_setup.jbxd
        Similarity
        • API ID: AllocVirtual$memcpymemset
        • String ID:
        • API String ID: 2542864682-0
        • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
        • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Execution Graph

        Execution Coverage:6.5%
        Dynamic/Decrypted Code Coverage:94%
        Signature Coverage:0%
        Total number of Nodes:1365
        Total number of Limit Nodes:14
15487->15466 15490 1000c014 15487->15490 15488->15491 15489->15467 15489->15472 15490->15466 15491->15409 15493 1000c682 15492->15493 15494 1000c62e 15492->15494 15495 1000c692 15493->15495 15497 1000b160 20 API calls 15493->15497 15494->15493 15496 1000c634 15494->15496 15498 1000ba60 strchr 15495->15498 15502 1000c696 15495->15502 15500 10008310 strchr 15496->15500 15497->15495 15499 1000c6ab 15498->15499 15503 1000c6b2 15499->15503 15504 1000c6cb 15499->15504 15501 1000c67b 15500->15501 15501->15444 15502->15444 15505 1000c6c4 15503->15505 15506 1000c6b9 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15503->15506 15507 1000b460 17 API calls 15504->15507 15505->15444 15506->15505 15508 1000c6d2 15507->15508 15508->15444 15510 1000c50e 15509->15510 15516 1000c4ba 15509->15516 15512 1000c513 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15510->15512 15513 1000c524 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15510->15513 15511 1000c508 15511->15510 15514 1000c540 15511->15514 15519 1000c580 15512->15519 15513->15519 15517 1000c582 15514->15517 15518 1000c545 15514->15518 15515 10008310 strchr 15515->15516 15516->15511 15516->15515 15520 1000c5a5 15517->15520 15521 1000c587 15517->15521 15523 1000be90 14 API calls 15518->15523 15522 10008310 strchr 15519->15522 15520->15519 15529 1000c5b0 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15520->15529 15530 1000c5bd 15520->15530 15524 1000c59a 15521->15524 15525 1000c58d ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15521->15525 15526 1000bc7e 15522->15526 15527 1000c560 15523->15527 15540 1000c9c0 15524->15540 15525->15519 15535 1000a7f0 15526->15535 15531 1000c573 15527->15531 15532 1000c568 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15527->15532 15529->15519 15551 1000cb20 15530->15551 15533 1000c6e0 13 API calls 15531->15533 15532->15531 15533->15519 15536 1000a7fe ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15535->15536 15539 1000a808 15535->15539 15536->15539 15537 
10008310 strchr 15538 1000a848 15537->15538 15538->15409 15539->15537 15541 1000cb90 58 API calls 15540->15541 15545 1000ca00 15541->15545 15542 1000cb90 58 API calls 15542->15545 15543 1000ca77 ??3@YAXPAX 15543->15545 15544 1000ca91 ??2@YAPAXI 15544->15545 15545->15542 15545->15543 15545->15544 15546 1000caed 15545->15546 15547 1000cb00 15546->15547 15548 1000caf3 ??3@YAXPAX 15546->15548 15549 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15547->15549 15548->15547 15550 1000cb17 15549->15550 15550->15519 15552 1000cb4a ??2@YAPAXI 15551->15552 15553 1000cb31 15551->15553 15554 1000cb5b 15552->15554 15553->15552 15553->15554 15555 1000cd10 realloc ?_Xmem@tr1@std@ 15554->15555 15556 1000cb81 15555->15556 15556->15519 15557->15468 15558->15471 15560 1000b6cd 15559->15560 15561 100084b0 144 API calls 15560->15561 15562 1000b715 15561->15562 15563 100086b0 ??2@YAPAXI 15562->15563 15564 1000aa2c 15563->15564 15564->15126 15580 1000c1c0 ??2@YAPAXI 15565->15580 15568 100084b0 145 API calls 15569 1000b74d 15568->15569 15570 100086b0 ??2@YAPAXI 15569->15570 15571 1000aa40 15570->15571 15571->15126 15573 1000b622 ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@ 15572->15573 15574 1000b62d ??2@YAPAXI 15572->15574 15573->15574 15575 1000b644 15574->15575 15576 100084b0 143 API calls 15575->15576 15577 1000b68f 15576->15577 15578 100086b0 ??2@YAPAXI 15577->15578 15579 1000aa7c 15578->15579 15579->15126 15581 1000c1fc ??2@YAPAXI 15580->15581 15583 1000b744 15581->15583 15583->15568 15585 1000ba60 strchr 15584->15585 15586 1000ab12 15585->15586 15586->15216 15586->15219 15588 1000b858 ??2@YAPAXI 15587->15588 15589 1000b83d 15587->15589 15590 1000b871 ??2@YAPAXI 15588->15590 15589->15588 15591 1000ace0 52 API calls 15589->15591 15593 1000abaa 15590->15593 15591->15588 15593->15126 15595 1000b941 15594->15595 15595->15226 15596->15237 15598 1000875f 15597->15598 15603 10008793 15597->15603 15609 10008b50 ?_Incref@facet@locale@std@ 15598->15609 
15600 10008769 15610 10009b60 ??0_Lockit@std@@QAE@H ??Bid@locale@std@ 15600->15610 15602 10008776 15602->15603 15604 10008789 ?_Decref@facet@locale@std@@QAEPAV123 15602->15604 15605 100087d9 15603->15605 15606 100087cf ??3@YAXPAX 15603->15606 15604->15603 15607 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15605->15607 15606->15605 15608 100087f2 15607->15608 15608->15229 15609->15600 15611 10009bbb 15610->15611 15612 10009bcb ?_Getgloballocale@locale@std@@CAPAV_Locimp@12 15611->15612 15614 10009bd6 15611->15614 15612->15614 15613 10009c37 ??1_Lockit@std@@QAE 15613->15602 15614->15613 15615 10009bec 15614->15615 15621 10009c80 15614->15621 15615->15613 15618 10009c01 ??0bad_cast@std@@QAE@PBD _CxxThrowException 15619 10009c1d ?_Incref@facet@locale@std@ 15618->15619 15620 1000fabc std::locale::facet::_Facet_Register ??2@YAPAXI 15619->15620 15620->15615 15622 10009d81 15621->15622 15623 10009cc3 15621->15623 15624 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15622->15624 15623->15622 15625 10009ccb ??2@YAPAXI 15623->15625 15626 10009bf9 15624->15626 15627 10009ce2 15625->15627 15628 10009d4a 15625->15628 15626->15618 15626->15619 15635 1000d090 15627->15635 15630 10009d69 15628->15630 15631 10009d5a ??1_Locinfo@std@@QAE 15628->15631 15630->15622 15634 10009d74 ??3@YAXPAX 15630->15634 15631->15630 15634->15622 15636 1000d0a6 15635->15636 15637 1000d460 15 API calls 15636->15637 15638 10009ced ??0_Locinfo@std@@QAE@PBD ??0facet@locale@std@@IAE@I ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@ 15637->15638 15638->15628 15640 10007e40 15639->15640 15640->15640 15641 10007e6b ?_Init@locale@std@@CAPAV_Locimp@12 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12 ?_Incref@facet@locale@std@ 15640->15641 15641->14959 15658 10008d30 15642->15658 15646 10007bc6 15646->14963 15647 10007ef0 15646->15647 15648 10007f03 15647->15648 15650 10007f8b 15648->15650 15652 10008154 15648->15652 15654 10007fe8 15648->15654 15657 10007f37 
15648->15657 15649 100091b0 53 API calls 15649->15650 15650->15649 15650->15657 15651 10007ef0 76 API calls 15651->15652 15652->15651 15652->15657 15653 10008730 39 API calls 15653->15654 15654->15653 15655 10008800 12 API calls 15654->15655 15656 100092b0 64 API calls 15654->15656 15654->15657 15655->15654 15656->15654 15657->14970 15665 10008217 15658->15665 15667 10008d4e 15658->15667 15659 1000912a ??0exception@std@@QAE@ABQBD _CxxThrowException 15663 10008d30 82 API calls 15663->15667 15665->15646 15670 10008a80 15665->15670 15666 10008e0c strchr 15666->15667 15667->15659 15667->15663 15667->15665 15667->15666 15669 10008e34 strchr 15667->15669 15674 100091b0 15667->15674 15682 1000a040 15667->15682 15698 1000a2f0 15667->15698 15706 10009db0 15667->15706 15710 10009e50 15667->15710 15669->15667 15671 10008ae5 15670->15671 15673 10008aa5 15670->15673 15671->15673 15828 10008b60 15671->15828 15673->15646 15675 100091c9 15674->15675 15676 100091eb 15674->15676 15726 1000a380 15675->15726 15681 10009216 15676->15681 15737 1000a570 15676->15737 15681->15667 15683 1000a07e 15682->15683 15686 1000a0de 15682->15686 15684 1000a0cb ?tolower@?$ctype@D@std@@QBEDD 15683->15684 15741 10008b50 ?_Incref@facet@locale@std@ 15683->15741 15684->15686 15688 1000a10b 15686->15688 15689 10008730 39 API calls 15686->15689 15691 1000a136 15686->15691 15687 1000a095 15690 1000d120 9 API calls 15687->15690 15688->15667 15689->15691 15692 1000a0a3 15690->15692 15691->15688 15694 10008800 12 API calls 15691->15694 15697 1000a1ec 15691->15697 15692->15684 15693 1000a0b7 ?_Decref@facet@locale@std@@QAEPAV123 15692->15693 15693->15684 15696 1000a0c1 15693->15696 15694->15697 15696->15684 15697->15688 15742 100092b0 15697->15742 15699 1000a328 15698->15699 15700 1000a308 15698->15700 15701 1000a34f 15699->15701 15824 1000b030 15699->15824 15813 1000ae40 15700->15813 15701->15667 15708 10009e25 15706->15708 15709 10009ddf 15706->15709 15707 10008d30 86 API calls 15707->15709 15708->15667 
15709->15707 15709->15708 15711 10009e93 15710->15711 15712 10009ec8 15710->15712 15711->15712 15714 10008d30 86 API calls 15711->15714 15716 10009f1d 15711->15716 15713 10008d30 86 API calls 15712->15713 15715 10009efe 15713->15715 15714->15711 15717 10009f08 15715->15717 15722 1000a009 15715->15722 15723 10008d30 86 API calls 15715->15723 15718 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15716->15718 15719 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15717->15719 15720 10009f37 15718->15720 15721 10009f17 15719->15721 15720->15667 15721->15667 15724 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15722->15724 15723->15715 15725 1000a038 15724->15725 15725->15667 15727 1000a522 15726->15727 15728 1000a3c5 15726->15728 15730 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15727->15730 15728->15727 15729 10008b50 ?_Incref@facet@locale@std@ 15728->15729 15731 10009b60 36 API calls 15728->15731 15733 1000a40d ?_Decref@facet@locale@std@@QAEPAV123 15728->15733 15734 1000a456 ??3@YAXPAX 15728->15734 15735 1000a4ed ??3@YAXPAX 15728->15735 15736 1000a4a7 ?_Decref@facet@locale@std@@QAEPAV123 15728->15736 15729->15728 15732 100091dc 15730->15732 15731->15728 15732->15667 15733->15728 15734->15728 15735->15728 15736->15728 15739 1000a58b 15737->15739 15740 10009207 15737->15740 15738 1000c760 14 API calls 15738->15739 15739->15738 15739->15740 15740->15667 15741->15687 15765 1000a670 15742->15765 15747 1000933d ??3@YAXPAX 15761 1000934a 15747->15761 15748 100094df 15749 100094f1 15748->15749 15750 100094e4 ??3@YAXPAX 15748->15750 15752 10009508 ??3@YAXPAX 15749->15752 15753 10009515 15749->15753 15750->15749 15751 1000d460 15 API calls 15751->15761 15752->15753 15754 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15753->15754 15755 1000952f 15754->15755 15755->15688 15756 1000a670 56 API calls 15756->15761 15757 
100093ab ??3@YAXPAX 15757->15761 15758 10009405 ??3@YAXPAX 15758->15761 15759 100093cc memmove 15759->15761 15760 10009533 15762 1000954a 15760->15762 15763 1000953d ??3@YAXPAX 15760->15763 15761->15748 15761->15751 15761->15756 15761->15757 15761->15758 15761->15759 15761->15760 15762->15753 15764 10009561 ??3@YAXPAX 15762->15764 15763->15762 15764->15753 15766 1000a7c5 15765->15766 15767 1000a6cd 15765->15767 15768 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15766->15768 15797 1000b9f0 15767->15797 15770 10009321 15768->15770 15791 1000d240 15770->15791 15772 1000a733 ?tolower@?$ctype@D@std@@QBEPBDPADPBD 15773 1000a74a 15772->15773 15779 1000a778 15772->15779 15801 10008b50 ?_Incref@facet@locale@std@ 15773->15801 15776 1000a704 15778 1000d120 9 API calls 15776->15778 15777 1000a754 15780 10009b60 36 API calls 15777->15780 15781 1000a70f 15778->15781 15782 1000d240 2 API calls 15779->15782 15783 1000a75e 15780->15783 15784 1000a71d ?_Decref@facet@locale@std@@QAEPAV123 15781->15784 15787 1000a727 15781->15787 15785 1000a7a3 15782->15785 15783->15779 15786 1000a76e ?_Decref@facet@locale@std@@QAEPAV123 15783->15786 15784->15787 15788 1000a7b8 15785->15788 15789 1000a7af ??3@YAXPAX 15785->15789 15786->15779 15787->15772 15788->15766 15790 1000a7bf ??3@YAXPAX 15788->15790 15789->15788 15790->15766 15792 1000932f 15791->15792 15793 1000d244 15791->15793 15792->15747 15792->15761 15794 1000d256 15793->15794 15795 1000d24a ??3@YAXPAX 15793->15795 15794->15792 15796 1000d26d memmove 15794->15796 15795->15794 15796->15792 15802 1000c850 15797->15802 15799 1000a6e5 15799->15772 15800 10008b50 ?_Incref@facet@locale@std@ 15799->15800 15800->15776 15801->15777 15803 1000c889 15802->15803 15806 1000c979 15802->15806 15804 1000c897 ?_Xlength_error@std@@YAXPBD 15803->15804 15805 1000c8a2 15803->15805 15804->15805 15805->15806 15807 1000d600 ??2@YAPAXI ??0exception@std@@QAE@ABQBD _CxxThrowException 15805->15807 15806->15799 15808 1000c8e1 memmove 
15807->15808 15809 1000cd80 15808->15809 15810 1000c90e memmove 15809->15810 15811 1000c932 ??3@YAXPAX 15810->15811 15812 1000c93c 15810->15812 15811->15812 15812->15799 15814 1000afe2 15813->15814 15823 1000ae82 15813->15823 15816 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15814->15816 15815 10008b50 ?_Incref@facet@locale@std@ 15815->15823 15817 1000a31c 15816->15817 15817->15667 15818 10009b60 36 API calls 15818->15823 15819 1000af1c ??3@YAXPAX 15819->15823 15820 1000aed3 ?_Decref@facet@locale@std@@QAEPAV123 15820->15823 15821 1000af6d ?_Decref@facet@locale@std@@QAEPAV123 15821->15823 15822 1000afb3 ??3@YAXPAX 15822->15823 15823->15814 15823->15815 15823->15818 15823->15819 15823->15820 15823->15821 15823->15822 15825 1000b044 15824->15825 15827 1000a343 15824->15827 15826 1000c760 14 API calls 15825->15826 15825->15827 15826->15825 15827->15667 15829 10008b8b ?_Xlength_error@std@@YAXPBD 15828->15829 15831 10008b96 15828->15831 15829->15831 15830 10008bd2 15830->15673 15831->15830 15833 10008be0 15831->15833 15834 10008c23 15833->15834 15835 10008c18 ?_Xlength_error@std@@YAXPBD 15833->15835 15836 10008c81 15834->15836 15840 10008cd0 15834->15840 15835->15834 15836->15830 15838 10008c41 15838->15836 15839 10008c77 ??3@YAXPAX 15838->15839 15839->15836 15841 10008d22 15840->15841 15842 10008cdc 15840->15842 15841->15838 15843 10008ce4 ??2@YAPAXI 15842->15843 15844 10008cf9 ??0exception@std@@QAE@ABQBD _CxxThrowException 15842->15844 15843->15841 15843->15844 15844->15841 15846 10001111 ceil VirtualAlloc 15845->15846 15847 1000110b 15845->15847 15849 10001170 memcpy 15846->15849 15847->14984 15851 10001199 15849->15851 15852 1000118b VirtualFree 15849->15852 15851->14984 15852->15851 15854 10001071 15853->15854 15855 10001100 4 API calls 15854->15855 15856 10001081 memcpy 15855->15856 15857 10001098 15856->15857 15858 10003290 15857->15858 15862 100032ed 15858->15862 15863 100032ab 15858->15863 15859 1000324f 15864 100011b0 
15859->15864 15860 100032f3 send 15860->15859 15860->15862 15861 100032b2 send 15861->15863 15862->15859 15862->15860 15863->15859 15863->15861 15863->15862 15865 100011bd 15864->15865 15866 100011c6 15865->15866 15867 100011dd ceil 15865->15867 15866->14992 15868 10001215 15867->15868 15869 1000121c VirtualAlloc 15867->15869 15868->14992 15870 10001237 memcpy VirtualFree 15869->15870 15870->14992 15873 1000781c 15872->15873 15874 1000783e 15872->15874 15873->15874 15875 1000d460 15 API calls 15873->15875 15876 1000d240 2 API calls 15874->15876 15875->15874 15877 10007882 15876->15877 15878 100078ae 15877->15878 15879 100078a2 ??3@YAXPAX 15877->15879 15880 100078d2 15878->15880 15881 100078c9 ??3@YAXPAX 15878->15881 15879->15878 15882 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15880->15882 15881->15880 15883 10006dd1 15882->15883 15883->14997 15885 1000d34a ?_Xout_of_range@std@@YAXPBD 15884->15885 15886 1000d355 15884->15886 15885->15886 15887 1000d37b memmove 15886->15887 15888 1000d39e 15886->15888 15887->15888 15888->15005 15890 1000f51e SetThreadDesktop 15889->15890 15892 1000f516 15889->15892 15891 1000f529 CloseDesktop 15890->15891 15890->15892 15891->15892 15893 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15892->15893 15894 1000f55a 15893->15894 15894->14759 15894->14760 15895 10003030 15901 10003053 15895->15901 15896 100030e8 15897 10003107 15896->15897 15898 100030fd ??_V@YAXPAX 15896->15898 15900 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15897->15900 15898->15897 15899 10003094 select 15899->15896 15899->15901 15902 10003114 15900->15902 15901->15896 15901->15899 15903 100030b2 recv 15901->15903 15904 100030d0 _errno 15901->15904 15908 10003390 15901->15908 15903->15901 15904->15901 15906 100030d7 _errno 15904->15906 15906->15901 15907 100030e1 _errno 15906->15907 15907->15896 15907->15901 15909 100033a6 15908->15909 15910 10001100 4 API calls 
15909->15910 15911 100033b8 memcpy 15910->15911 15918 100033d0 15911->15918 15912 10003522 15912->15901 15913 10003507 15914 100011b0 4 API calls 15913->15914 15915 10003519 15914->15915 15915->15901 15916 10003443 timeGetTime 15917 100011b0 4 API calls 15916->15917 15917->15918 15918->15912 15918->15913 15918->15916 15919 10001060 5 API calls 15918->15919 15920 100034cd memmove 15918->15920 15921 100011b0 ceil VirtualAlloc memcpy VirtualFree 15918->15921 15919->15918 15920->15918 15921->15918 15922 10003130 15923 1000317a 15922->15923 15925 10003144 15922->15925 15924 10003158 Sleep 15924->15925 15925->15923 15925->15924 15926 10003190 14 API calls 15925->15926 15926->15925 15927 10011150 15934 10010540 15927->15934 15932 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 15933 10011193 15932->15933 15935 100105c0 WSAStartup 15934->15935 15936 1000fc4b 15935->15936 15939 1000fbaa 15936->15939 15938 1000fc58 15938->15932 15946 10010230 15939->15946 15941 1000fbb6 DecodePointer 15942 1000fbd8 7 API calls 15941->15942 15943 1000fbcc _onexit 15941->15943 15947 1000fc42 _unlock 15942->15947 15945 1000fc39 ___DllMainCRTStartup 15943->15945 15945->15938 15946->15941 15947->15945 15948 3080000 15951 3080010 15948->15951 15954 3080040 15951->15954 15953 308000a 15973 3080810 15954->15973 15956 3080048 15995 3080430 15956->15995 15958 308005a 15959 3080070 15958->15959 15960 3080063 15958->15960 16024 3080590 15959->16024 16089 3080640 15960->16089 15965 308008f 16027 1000e5c0 OutputDebugStringA OutputDebugStringA GetCommandLineW CommandLineToArgvW memset 15965->16027 15966 3080082 15967 3080640 LoadLibraryA 15966->15967 15968 3080088 15967->15968 15968->15953 15970 3080640 LoadLibraryA 15971 3080098 15970->15971 15971->15953 15974 30808a4 15973->15974 16092 30807a0 15974->16092 15976 3081110 15977 30807a0 LoadLibraryA 15976->15977 15978 3081131 15977->15978 15979 30807a0 LoadLibraryA 15978->15979 15980 3081197 15979->15980 15981 30807a0 
LoadLibraryA 15980->15981 15982 30811b5 15981->15982 15983 30807a0 LoadLibraryA 15982->15983 15984 30811ff 15983->15984 15985 30807a0 LoadLibraryA 15984->15985 15986 3081289 15985->15986 15987 30807a0 LoadLibraryA 15986->15987 15988 30812aa 15987->15988 15989 30807a0 LoadLibraryA 15988->15989 15990 30812cb 15989->15990 15991 30807a0 LoadLibraryA 15990->15991 15992 30812ec 15991->15992 15993 30807a0 LoadLibraryA 15992->15993 15994 30813ed 15993->15994 15994->15956 15996 3080810 LoadLibraryA 15995->15996 15997 308043a 15996->15997 15998 3080447 15997->15998 15999 308045a 15997->15999 16000 3080462 VirtualAlloc 15997->16000 15998->15958 15999->15958 16001 308047a 16000->16001 16002 308048f 16001->16002 16003 30804a0 VirtualAlloc VirtualAlloc 16001->16003 16002->15958 16004 30804e2 16003->16004 16095 30800b0 16004->16095 16006 30804fc 16100 3080300 16006->16100 16009 3080530 16105 3080160 16009->16105 16010 3080520 16011 3080640 LoadLibraryA 16010->16011 16013 3080525 16011->16013 16013->15958 16015 3080574 16015->15958 16016 3080558 16111 1000ffdc 16016->16111 16017 3080547 16018 3080640 LoadLibraryA 16017->16018 16019 308054d 16018->16019 16019->15958 16021 3080640 LoadLibraryA 16022 3080569 16021->16022 16022->15958 16025 3080810 LoadLibraryA 16024->16025 16026 308007b 16025->16026 16026->15965 16026->15966 16028 1000e65e 16027->16028 16029 1000e64f ??2@YAPAXI 16027->16029 16154 10005180 RegCreateKeyA 16028->16154 16029->16028 16032 1000e69d 16165 1000de90 16032->16165 16033 1000e75f 16034 1000e764 GetModuleFileNameA 16033->16034 16035 1000e785 16033->16035 16037 1000e742 SetFileAttributesA CreateThread 16034->16037 16038 1000e791 OutputDebugStringA 16035->16038 16039 1000e78a OutputDebugStringA 16035->16039 16037->16038 16295 1000e530 16037->16295 16041 1000e923 16038->16041 16042 1000e7a5 16038->16042 16039->16038 16045 1000eb15 16041->16045 16046 1000e929 OutputDebugStringA _wcsicmp 16041->16046 16047 1000e7cc GetNativeSystemInfo 16042->16047 16048 1000e7ae 
??2@YAPAXI 16042->16048 16043 1000de90 105 API calls 16044 1000e6b1 16043->16044 16049 1000de90 105 API calls 16044->16049 16054 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 16045->16054 16052 1000e967 _wcsicmp 16046->16052 16053 1000e94c 16046->16053 16050 1000e7e2 16047->16050 16051 1000e7e8 GetSystemWow64DirectoryA 16047->16051 16055 1000e7bd 16048->16055 16056 1000e6bb 16049->16056 16050->16051 16057 1000e7fd GetSystemDirectoryA 16050->16057 16058 1000e810 OutputDebugStringA 16051->16058 16052->16045 16060 1000e981 OutputDebugStringA 16052->16060 16209 1000dc20 16053->16209 16061 3080092 16054->16061 16055->16047 16062 1000de90 105 API calls 16056->16062 16057->16058 16063 1000e820 16058->16063 16064 1000e9b5 GetNativeSystemInfo 16060->16064 16065 1000e997 ??2@YAPAXI 16060->16065 16061->15970 16066 1000e6c5 16062->16066 16063->16063 16067 1000e828 SHGetFolderPathA sprintf_s CopyFileA 16063->16067 16069 1000e9d1 GetSystemWow64DirectoryA 16064->16069 16070 1000e9cb 16064->16070 16068 1000e9a6 16065->16068 16072 1000de90 105 API calls 16066->16072 16073 1000e8a4 16067->16073 16068->16064 16071 1000e9f9 OutputDebugStringA 16069->16071 16070->16069 16074 1000e9e6 GetSystemDirectoryA 16070->16074 16075 1000ea08 16071->16075 16076 1000e6cf SHGetFolderPathA GetModuleFileNameA sprintf_s CopyFileA 16072->16076 16073->16073 16077 1000e8ac OutputDebugStringA 16073->16077 16074->16071 16075->16075 16078 1000ea10 SHGetFolderPathA sprintf_s CopyFileA 16075->16078 16076->16037 16079 1000e8e8 16077->16079 16080 1000e8d9 ??2@YAPAXI 16077->16080 16082 1000ea90 16078->16082 16215 100052b0 OutputDebugStringA memset OutputDebugStringA CreateProcessA 16079->16215 16080->16079 16082->16082 16084 1000ea98 OutputDebugStringA OutputDebugStringA 16082->16084 16083 1000e908 16085 1000e915 CloseHandle ExitProcess 16083->16085 16086 1000eb0f CloseHandle 16083->16086 16087 1000eacc ??2@YAPAXI 16084->16087 16088 1000eadb 16084->16088 16086->16045 16087->16088 
16088->16086 16090 3080810 LoadLibraryA 16089->16090 16091 3080069 16090->16091 16091->15953 16093 30807a8 16092->16093 16094 30807f4 LoadLibraryA 16093->16094 16094->15976 16096 3080810 LoadLibraryA 16095->16096 16099 30800c0 16096->16099 16097 3080159 16097->16006 16098 3080111 VirtualAlloc 16098->16099 16099->16097 16099->16098 16101 3080810 LoadLibraryA 16100->16101 16104 308031c 16101->16104 16102 30807a0 LoadLibraryA 16102->16104 16103 3080404 16103->16009 16103->16010 16104->16102 16104->16103 16106 3080810 LoadLibraryA 16105->16106 16109 3080169 16106->16109 16107 308026d 16107->16015 16107->16016 16107->16017 16108 30801b3 VirtualFree 16108->16109 16109->16107 16109->16108 16110 308023b VirtualProtect 16109->16110 16110->16109 16112 1000ffe7 16111->16112 16113 1000ffec 16111->16113 16125 10010474 16112->16125 16117 1000fec6 16113->16117 16116 308055f 16116->16015 16116->16021 16118 1000fed2 ___DllMainCRTStartup 16117->16118 16120 1000fef9 ___DllMainCRTStartup 16118->16120 16123 1000ff2d ___DllMainCRTStartup 16118->16123 16129 1000fcbc 16118->16129 16120->16116 16121 1000ff5d 16121->16120 16122 1000fcbc __CRT_INIT@12 19 API calls 16121->16122 16122->16120 16123->16120 16123->16121 16124 1000fcbc __CRT_INIT@12 19 API calls 16123->16124 16124->16121 16126 100104a6 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 16125->16126 16127 10010499 16125->16127 16128 1001049d 16126->16128 16127->16126 16127->16128 16128->16113 16132 1000fcff 16129->16132 16134 1000fccd 16129->16134 16130 1000fde2 InterlockedCompareExchange 16130->16134 16135 1000fdec 16130->16135 16131 1000fd35 InterlockedCompareExchange 16131->16132 16133 1000fd3d 16131->16133 16132->16131 16132->16133 16137 1000fd28 Sleep 16132->16137 16147 1000fcf8 __IsNonwritableInCurrentImage 16132->16147 16138 1000fd52 _amsg_exit 16133->16138 16139 1000fd5b _initterm_e 16133->16139 16134->16130 16134->16135 16136 1000fdd7 Sleep 16134->16136 16134->16147 16140 
1000fe0c DecodePointer 16135->16140 16141 1000fdff _amsg_exit 16135->16141 16136->16130 16137->16131 16142 1000fd94 16138->16142 16143 1000fd7e _initterm 16139->16143 16139->16147 16144 1000fe25 DecodePointer 16140->16144 16145 1000fea8 16140->16145 16141->16147 16142->16147 16148 1000fd9c InterlockedExchange 16142->16148 16143->16142 16149 1000fe38 16144->16149 16146 1000feb4 InterlockedExchange 16145->16146 16145->16147 16146->16147 16147->16123 16148->16147 16150 1000fe8e free _encoded_null 16149->16150 16151 1000fe45 _encoded_null 16149->16151 16150->16145 16151->16149 16152 1000fe4f DecodePointer _encoded_null 16151->16152 16153 1000fe61 DecodePointer DecodePointer 16152->16153 16153->16149 16155 10005291 16154->16155 16156 100051c4 RegQueryValueExA 16154->16156 16158 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 16155->16158 16157 100051f8 16156->16157 16159 10005234 RegQueryValueExA 16157->16159 16161 10005217 RegSetValueExA 16157->16161 16160 100052a2 16158->16160 16162 10005262 16159->16162 16163 1000526b RegSetValueExA 16159->16163 16160->16032 16160->16033 16161->16159 16162->16163 16164 10005284 RegCloseKey 16162->16164 16163->16164 16164->16155 16235 10005720 CreateToolhelp32Snapshot Process32First 16165->16235 16168 1000deb5 OpenProcess 16169 1000e37b 16168->16169 16171 1000ded0 OpenProcessToken 16168->16171 16170 1000fb3c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 7 API calls 16169->16170 16172 1000e388 16170->16172 16173 1000e374 CloseHandle 16171->16173 16174 1000dee8 LookupPrivilegeValueA AdjustTokenPrivileges AdjustTokenPrivileges LookupPrivilegeValueA 16171->16174 16172->16043 16173->16169 16175 1000df64 AdjustTokenPrivileges 16174->16175 16176 1000df88 LookupPrivilegeValueA 16174->16176 16175->16176 16177 1000dfa3 AdjustTokenPrivileges 16176->16177 16178 1000dfc7 LookupPrivilegeValueA 16176->16178 16177->16178 16179 1000dfe2 AdjustTokenPrivileges 16178->16179 16180 1000e006 LookupPrivilegeValueA 

        Control-flow Graph

        • Executed
        • Not Executed
        [Figure: control-flow graph 0, first block 1000dd00-1000dd69 (CreateToolhelp32Snapshot, Thread32First)]
        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000DD4A
        • Thread32First.KERNEL32(00000000,?), ref: 1000DD61
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000DE42
        • CloseHandle.KERNEL32(00000000), ref: 1000DE51
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long), ref: 1000DE7A
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,76229350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,76229350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,76229350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,76229350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,76229350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,76229350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,76229350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseHandleProcess$OpenThread32$??3@CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32Xlength_error@std@@
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
        • API String ID: 1580616088-3994885262
        • Opcode ID: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction ID: f504e6854eb3e7fc705e3e05e336ac061cdd7981011e27a1b81b54c4136a7834
        • Opcode Fuzzy Hash: 8c74cb4fe3e932dd66e54ce2074fc4d3c6e974b74d0bbc6f4ae288fee7abe401
        • Instruction Fuzzy Hash: D632FDB1E00219AFEB14DFD4CD85BAEBBB5FF48740F10851AE615BB284D7B0A941CB54
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        [Figure: control-flow graph 295, first block 1000de90-1000deaf (call 10005720)]
        APIs
          • Part of subcall function 10005720: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
          • Part of subcall function 10005720: Process32First.KERNEL32(00000000,00000128), ref: 10005754
          • Part of subcall function 10005720: _mbsicmp.MSVCR100 ref: 10005768
          • Part of subcall function 10005720: Process32Next.KERNEL32(00000000,?), ref: 1000577D
          • Part of subcall function 10005720: FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,76229350), ref: 1000DEBD
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,76229350), ref: 1000DEDA
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF00
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,?,76229350), ref: 1000DF37
        • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,76229350), ref: 1000DF48
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000DF5B
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DF86
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeChangeNotifyPrivilege,?), ref: 1000DF99
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000DFC5
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 1000DFD8
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E004
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeImpersonatePrivilege,?), ref: 1000E017
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E043
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 1000E056
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E082
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 1000E095
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E0C1
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeBackupPrivilege,?), ref: 1000E0D4
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E100
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 1000E113
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E13F
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeSystemEnvironmentPrivilege,?), ref: 1000E152
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E17E
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 1000E191
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1BD
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeTakeOwnershipPrivilege,?), ref: 1000E1D0
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E1FC
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeIncreaseBasePriorityPrivilege,?), ref: 1000E20F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E23B
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 1000E24E
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E27A
        • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 1000E28D
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E2B9
        • GetLengthSid.ADVAPI32(?,?,?,76229350), ref: 1000E2DD
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,76229350), ref: 1000E2F1
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 1000E31F
        • TerminateProcess.KERNEL32(?,00000000), ref: 1000E33C
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000E354
        • CloseHandle.KERNEL32(?), ref: 1000E35A
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000E368
        • CloseHandle.KERNEL32(00000000,?,?,76229350), ref: 1000E375
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Token$AdjustPrivileges$LookupPrivilegeValue$CloseProcess$HandleOpenProcess32$??3@ChangeCreateFindFirstInformationLengthMessageNextNotificationPostSnapshotTerminateThreadToolhelp32_mbsicmp
        • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
        • API String ID: 2285828341-3151685581
        • Opcode ID: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction ID: 9d5110f6554a13224c0dc2d6628ae9181c03fde2b05d646dd95a5c41b9cef351
        • Opcode Fuzzy Hash: 08f42b52829feaccbb4d01c19442992c01f511e508f0324fe60b9a29d044d250
        • Instruction Fuzzy Hash: 6E12A4B1E40219ABEB14CFD4CD85BEEBBB9FF48700F108519E615BB284D7B0AA41CB55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        [Figure: control-flow graph 80, first block 10006970-100069dd (GetModuleHandleW)]
        APIs
        • GetModuleHandleW.KERNEL32(NTDLL,40B6422C), ref: 100069D5
        • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 100069E5
        • OutputDebugStringA.KERNEL32(10012984), ref: 100069FD
        • memset.MSVCR100 ref: 10006A10
        • memset.MSVCR100 ref: 10006A22
        • gethostname.WS2_32(?,00000100), ref: 10006A36
        • gethostbyname.WS2_32(?), ref: 10006A43
        • inet_ntoa.WS2_32 ref: 10006A5B
        • strcat_s.MSVCR100 ref: 10006A74
        • strcat_s.MSVCR100 ref: 10006A8A
        • inet_ntoa.WS2_32 ref: 10006AAA
        • strcat_s.MSVCR100 ref: 10006ABD
        • strcat_s.MSVCR100 ref: 10006AD7
        • inet_addr.WS2_32(?), ref: 10006AF5
        • wsprintfA.USER32 ref: 10006B2E
        • OutputDebugStringA.KERNEL32(?), ref: 10006B45
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(00000000,http://whois.pconline.com.cn/ipJson.jsp), ref: 10006BDE
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100 ref: 10006BEA
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100 ref: 10006BF2
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006C2B
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E0B
        • strncpy.MSVCR100 ref: 10006E6B
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        • ??3@YAXPAX@Z.MSVCR100 ref: 10006E89
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?), ref: 10006E99
        • ?_Init@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EB1
        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP100(?,?,?,?,?), ref: 10006EBD
        • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP100(?,?,?,?,?), ref: 10006EC5
        • ??2@YAPAXI@Z.MSVCR100 ref: 10006EFE
        • ??3@YAXPAX@Z.MSVCR100 ref: 100070E0
        • strncpy.MSVCR100 ref: 1000713E
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000715C
        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007172
        • OutputDebugStringA.KERNEL32(100129EC,?,?,?,?,?,?,?,?,?,?,?), ref: 10007179
        • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 1000719D
        • RegQueryValueExA.KERNEL32(?,~MHz,00000000,?,?,?,?,?,?,?,?), ref: 100071C5
        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071D2
        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 100071EB
        • wsprintfA.USER32 ref: 10007204
        • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000721E
        • OutputDebugStringA.KERNEL32(100129F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10007248
        • capGetDriverDescriptionA.AVICAP32(00000000,?,00000064,?,00000032,?,?,?,?,?,?,?,?), ref: 10007262
        • wsprintfA.USER32 ref: 100072AD
        • OutputDebugStringA.KERNEL32(100129F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072BB
        • OutputDebugStringA.KERNEL32(100129F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100072E1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100072F4
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000733F
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000735E
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100073A9
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073D1
        • ??3@YAXPAX@Z.MSVCR100 ref: 100073FB
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@DebugOutputString$Locimp@12@strcat_s$wsprintf$??2@Decref@facet@locale@std@@Getgloballocale@locale@std@@Incref@facet@locale@std@@Init@locale@std@@V123@inet_ntoamemsetstrncpy$AddressCloseDescriptionDriverGlobalHandleInfoMemoryModuleOpenProcQueryStatusSystemValueXout_of_range@std@@gethostbynamegethostnameinet_addr
        • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
        • API String ID: 941699131-3408092411
        • Opcode ID: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction ID: 5937c9bef880f8db1bb605a9ff32026a22730c05f7b93559c92fa2109faa8b67
        • Opcode Fuzzy Hash: 91fb2cc0269d25647ac40d6bd025e516abdc8cff649c5dc3c51f186259f9b46d
        • Instruction Fuzzy Hash: 446256B1D012699FEB25DF28CC84A9DB7B5FB48340F4185E9E54DA7242DB70AE84CF90
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        [Figure: control-flow graph 221, first block 1000e5c0-1000e64d (OutputDebugStringA * 2, GetCommandLineW, CommandLineToArgvW, memset)]
        APIs
        • OutputDebugStringA.KERNEL32(dll run), ref: 1000E5EF
        • OutputDebugStringA.KERNEL32(dll run2), ref: 1000E5F6
        • GetCommandLineW.KERNEL32 ref: 1000E616
        • CommandLineToArgvW.SHELL32(00000000), ref: 1000E61D
        • memset.MSVCR100 ref: 1000E63E
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E651
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000E6DF
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E6F4
        • sprintf_s.MSVCR100 ref: 1000E714
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E72F
        • SetFileAttributesA.KERNEL32(?,00000002), ref: 1000E742
        • CreateThread.KERNEL32(00000000,00000000,1000E530,00000000,00000000,00000000), ref: 1000E757
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000E773
        • OutputDebugStringA.KERNEL32(10012BCC), ref: 1000E78F
        • OutputDebugStringA.KERNEL32(dll run3), ref: 1000E796
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E7B0
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E7D1
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E7F5
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E80A
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E815
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000E85B
        • sprintf_s.MSVCR100 ref: 1000E87B
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000E896
        • OutputDebugStringA.KERNEL32(?), ref: 1000E8CE
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E8DB
        • CloseHandle.KERNEL32(00000000), ref: 1000E915
        • ExitProcess.KERNEL32 ref: 1000E91D
        • OutputDebugStringA.KERNEL32(dll run6), ref: 1000E92E
        • _wcsicmp.MSVCR100 ref: 1000E943
        • _wcsicmp.MSVCR100 ref: 1000E974
        • OutputDebugStringA.KERNEL32(dll run7), ref: 1000E98C
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000E999
        • GetNativeSystemInfo.KERNEL32(?), ref: 1000E9BA
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 1000E9DE
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000E9F3
        • OutputDebugStringA.KERNEL32(dll run4), ref: 1000E9FE
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000EA43
        • sprintf_s.MSVCR100 ref: 1000EA63
        • CopyFileA.KERNEL32(?,?,00000000), ref: 1000EA7E
        • OutputDebugStringA.KERNEL32(?), ref: 1000EABA
        • OutputDebugStringA.KERNEL32(dll run8), ref: 1000EAC1
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000EACE
          • Part of subcall function 1000DC20: ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
          • Part of subcall function 1000DC20: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CED086A), ref: 1000DC8B
          • Part of subcall function 1000DC20: _beginthreadex.MSVCR100 ref: 1000DCAB
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
          • Part of subcall function 1000DC20: FindCloseChangeNotification.KERNEL32(?), ref: 1000DCD4
          • Part of subcall function 1000DC20: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
          • Part of subcall function 1000DC20: CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: DebugOutputString$??2@FileSystem$Directory$CloseCopyFolderPathsprintf_s$CommandCreateHandleInfoLineModuleNameNativeObjectSingleWaitWow64_wcsicmp$ArgvAttributesChangeEventExitFindNotificationProcessThread_beginthreadexmemset
        • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
        • API String ID: 3194832325-3018988614
        • Opcode ID: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction ID: e00065bce056e2eec694fdcbe17dbe5f1d4138d5d76c5432c1841a75b009fc0b
        • Opcode Fuzzy Hash: 48408349eab97cd5d7061ab71ef22aa0cd88e332ae5e8e0fe8f4fbb0de6f70d5
        • Instruction Fuzzy Hash: 57E1DFB05083919FF321DF60CCD8F9B77E9EB88340F458819E6499B2A1EB70E954CB52
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,75B4EC10), ref: 1000E3B4
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75B4EC10), ref: 1000E3C8
        • sprintf_s.MSVCR100 ref: 1000E3EC
        • sprintf_s.MSVCR100 ref: 1000E406
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E429
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E458
        • RegCloseKey.ADVAPI32(?), ref: 1000E469
        • RegCloseKey.ADVAPI32(?), ref: 1000E482
        • OutputDebugStringA.KERNEL32(meiyou), ref: 1000E489
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000E4A7
        • RegSetValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000E509
        • RegCloseKey.ADVAPI32(?), ref: 1000E516
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Close$OpenValuesprintf_s$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
        • API String ID: 3385724880-3482547359
        • Opcode ID: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction ID: bb064bbf97c2c62d535bce16861935705af5cb94d10b491402d3a44aacf73ef4
        • Opcode Fuzzy Hash: b1911bad8e13da454cb33ef3019250bab8d1d3de7bad4ecf89ca9938e779f828
        • Instruction Fuzzy Hash: 1C41B6B1A00229ABE724EB60CC95FEE77B9EF48741F404189F605AB181DB70EE54CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10002E7C
        • InterlockedExchange.KERNEL32(?,00000000), ref: 10002E88
        • timeGetTime.WINMM ref: 10002E8E
        • socket.WS2_32(00000002,00000001,00000006), ref: 10002EBB
        • gethostbyname.WS2_32(?), ref: 10002EDF
        • htons.WS2_32(?), ref: 10002EF8
        • connect.WS2_32(?,?,00000010), ref: 10002F16
        • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10002F42
        • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 10002F5F
        • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 10002F7C
        • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10002F96
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10002FCA
        • InterlockedExchange.KERNEL32(?,00000001), ref: 10002FD3
        • _beginthreadex.MSVCR100 ref: 10002FF6
        • _beginthreadex.MSVCR100 ref: 1000300B
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: setsockopt$ExchangeInterlocked_beginthreadex$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 2079111011-3203441087
        • Opcode ID: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction ID: b9576f5a56d5fc90f673535931a29c256aab77c2e00877a6bb22f49d62ee094d
        • Opcode Fuzzy Hash: e90216200a3a6de843036099aa8696ab5742e5f583cc5186c548a85f1b27fbe0
        • Instruction Fuzzy Hash: AC514CB1640708ABE720DFA5CC85FAAB7F8FF48B10F104619F656A76D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 373 1000f5f0-1000f697 memset * 2 RegOpenKeyExA 374 1000f6a8-1000f6b2 373->374 375 1000f699-1000f6a3 373->375 376 1000f82c-1000f859 call 1000f85a call 1000fb3c 374->376 377 1000f6b8 374->377 375->376 377->376 379 1000f709-1000f73a RegQueryValueExA 377->379 380 1000f79e-1000f7cf RegQueryValueExA 377->380 381 1000f6bf-1000f6f0 RegQueryValueExA 377->381 382 1000f7df-1000f80a RegQueryValueExA 377->382 379->376 387 1000f740-1000f74c 379->387 380->376 383 1000f7d1-1000f7dd 380->383 381->376 386 1000f6f6-1000f704 lstrcpyA 381->386 382->376 384 1000f80c-1000f813 382->384 388 1000f818-1000f81f wsprintfA 383->388 384->388 390 1000f822 386->390 391 1000f750-1000f753 387->391 388->390 390->376 392 1000f755-1000f789 strncat * 2 strchr 391->392 393 1000f78b-1000f799 lstrcpyA 391->393 392->391 393->390
        APIs
        • memset.MSVCR100 ref: 1000F659
        • memset.MSVCR100 ref: 1000F66C
        • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 1000F68F
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
          • Part of subcall function 1000F85A: RegCloseKey.ADVAPI32(?), ref: 1000F870
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Closememset$Open
        • String ID: %08X$Host
        • API String ID: 4198983563-2867006347
        • Opcode ID: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction ID: adbd0d5af6a241aa481bfd1282a27b80bcd9ef8c5456532d6de21fb9161f540e
        • Opcode Fuzzy Hash: cfa645bf00bf564c92a4535627b2e1c46068841130caed3ecfd443373cb0d12f
        • Instruction Fuzzy Hash: BB5136B1901218BBE724DB50DC89FEE77B8EB48750F104299F605A7191DB74EB94CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 1000DA17
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000DA2C
        • GetLastError.KERNEL32 ref: 1000DA38
        • ReleaseMutex.KERNEL32(00000000), ref: 1000DA46
        • CloseHandle.KERNEL32(00000000), ref: 1000DA4D
        • exit.MSVCR100 ref: 1000DA55
        • GetTickCount.KERNEL32 ref: 1000DAA0
        • GetTickCount.KERNEL32 ref: 1000DABB
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000DAF9
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DB66
        • TerminateThread.KERNEL32(?,000000FF), ref: 1000DBDA
        • CloseHandle.KERNEL32(?), ref: 1000DBE8
        • CloseHandle.KERNEL32(?), ref: 1000DC0B
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$??2@ErrorEventLastReleaseTerminateThreadexitwsprintf
        • String ID: %d:%d$bxpalxe175.top
        • API String ID: 3209965405-398679606
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: 9b6d6527995a1bc86d293931c81bfebd72a342585489ac247063181489b700f2
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 17519EB0508751DFE720DF68CC84B9FB7E9FB88351F018619E54A87295C770A815CFA2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000680C
        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP100 ref: 10006835
        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 10006854
        • InternetCloseHandle.WININET(00000000), ref: 10006861
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068B0
        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 100068E7
        • InternetCloseHandle.WININET(00000000), ref: 10006929
        • InternetCloseHandle.WININET(00000000), ref: 1000692C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000693E
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Internet$CloseHandle$FileOpenReadV01@$??3@??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
        • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
        • API String ID: 3920785804-909499719
        • Opcode ID: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction ID: dbd1db5420fc97e2b1574d172d17a853fb0eadf566ed8d2bb0c925582a551d23
        • Opcode Fuzzy Hash: 49e07ad511a094c097e50c4ff8cd2ffce326d0433fb077d5892e7a8e5f6e0e09
        • Instruction Fuzzy Hash: FA41DAF1900169AFE725DB24CC84F9BB7BDEB88240F1185A9F60597240DB70DE85CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 451 10005180-100051be RegCreateKeyA 452 10005291-100052a5 call 1000fb3c 451->452 453 100051c4-100051f6 RegQueryValueExA 451->453 454 10005201-1000520a 453->454 455 100051f8-100051ff 453->455 458 10005210-10005215 454->458 455->454 457 10005234-10005260 RegQueryValueExA 455->457 461 10005262-10005269 457->461 462 1000526b-10005282 RegSetValueExA 457->462 458->458 460 10005217-10005232 RegSetValueExA 458->460 460->457 461->462 463 10005284-1000528b RegCloseKey 461->463 462->463 463->452
        APIs
        • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100051B6
        • RegQueryValueExA.KERNEL32(?,BITS,00000000,?,00000000,?,?,?), ref: 100051EC
        • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005232
        • RegQueryValueExA.KERNEL32(?,Host,00000000,?,00000000,?,?,?), ref: 1000525C
        • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,100125F0,00000001,?,?), ref: 10005282
        • RegCloseKey.KERNEL32(?,?,?), ref: 1000528B
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Value$Query$CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2357964129-2174744495
        • Opcode ID: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction ID: 1c489391ec789372160bb87cc09f55bdc3293cbe4a8543e270fef5c46911e416
        • Opcode Fuzzy Hash: 2df4ee94c3ca16e3e7bb053519255bb25d130e0fa9f5283c60d2cb013b2ac14d
        • Instruction Fuzzy Hash: EC3184B190051AABEF24DB64CC98FEA77B9EB48344F004199F609AB150DB71EE95CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 464 10006480-100064eb memset * 2 465 1000650b-10006530 call 1000f5f0 lstrlenA 464->465 466 100064ed-100064fa ??2@YAPAXI@Z 464->466 472 10006532-10006538 gethostname 465->472 473 1000653e-1000654f lstrlenA call 1000fb3c 465->473 467 10006504 466->467 468 100064fc-10006502 466->468 470 10006506 467->470 468->470 470->465 472->473
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: lstrlenmemset$??2@gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1496828540-2058306683
        • Opcode ID: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction ID: eeaf22b91febc3ac32f044b37c26ea59e48f62d048d87cfe098355e406599b6b
        • Opcode Fuzzy Hash: 991bc1947fc31913dc74cd0c358ddae3032284feba4f95c34165f1d0059344e4
        • Instruction Fuzzy Hash: 8F1129F0A416659BF711DF148C81B5E77E5EF08300F1080A4E608A6291E770EB96CF55
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 476 1000e530-1000e547 477 1000e550-1000e56a RegOpenKeyExA 476->477 478 1000e5ab-1000e5bb call 1000e390 Sleep 477->478 479 1000e56c-1000e586 RegQueryValueExA 477->479 478->477 480 1000e5a0-1000e5a5 RegCloseKey 479->480 481 1000e588-1000e59e RegCloseKey Sleep 479->481 480->478 481->477
        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.KERNEL32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNEL32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
        • Instruction ID: 4bc774e57ee20510f07a24c414313a84460cd311d63814d2f5adc237444319e7
        • Opcode Fuzzy Hash: d799199c623398fc6b3bd25a410f6c270d42b998ab274cbb05e430ad293164a1
        • Instruction Fuzzy Hash: A40162B1514711FBF214D7A4CC89E5B7BACEB48385F118A14FA44A60A5F770ED10CB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,40B6422C,?,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F0F3
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F192
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1D0
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F1F5
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F21A
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,40B6422C,?,76232F30,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000), ref: 1000EF67
          • Part of subcall function 1000EF10: InitializeCriticalSectionAndSpinCount.KERNEL32(FFFFFFFF,00000000,?,?,100108AB,000000FF,?,1000F2CA,?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EF83
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F320
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F326
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F334
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000F33D
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteExceptionExchangeInterlockedThrowTimetime
        • String ID:
        • API String ID: 2486110213-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: 2af7e3eb0e823ea97c72e5039e117cc962aa6e5bd46d490c6e48496562b3fd0e
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 7A81B6B0A01A46BFE304DF7AC984796FBA8FB09344F50862EE12D97640D775A964CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 509 30807a0-3080801 call 30806d0 call 3080780 LoadLibraryA
        APIs
        • LoadLibraryA.KERNEL32(?,00000000,00000072), ref: 030807FC
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID: A$b$d$i$o$y
        • API String ID: 1029625771-4132616007
        • Opcode ID: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction ID: c2681003f1b7354b175174e91d827a869e9db6e53bf0c4abb29c107603e36a98
        • Opcode Fuzzy Hash: e70d79556655b48d5b602298e5a8f3d66295cabfc8376b7ee935f322c8017ec4
        • Instruction Fuzzy Hash: DDF0975400D3C1AEE302E768944569BBED65BE2644F48CC9CE4D80B243D2BA865CC7B3
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 1000DC51
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,6CED086A), ref: 1000DC8B
        • _beginthreadex.MSVCR100 ref: 1000DCAB
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000DCC5
        • FindCloseChangeNotification.KERNEL32(?), ref: 1000DCD4
        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1000DCD9
        • CloseHandle.KERNEL32(00000000), ref: 1000DCDC
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseObjectSingleWait$??2@ChangeCreateEventFindHandleNotification_beginthreadex
        • String ID:
        • API String ID: 2957458102-0
        • Opcode ID: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction ID: 398cddf0cba81e003f92f0fc08b3f97c19d82136c1af4c2f86b7154fad5050d5
        • Opcode Fuzzy Hash: c357b44ffdb4659bdadf5525d05dd74a7fe35d28156339be54a3feea827311c6
        • Instruction Fuzzy Hash: 6221A574A01228ABFB10DB64CC89F9E77B4EF04750F508195E604AB2D0DB74EA44CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10005744
        • Process32First.KERNEL32(00000000,00000128), ref: 10005754
        • _mbsicmp.MSVCR100 ref: 10005768
        • Process32Next.KERNEL32(00000000,?), ref: 1000577D
        • FindCloseChangeNotification.KERNEL32(00000000), ref: 10005790
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32_mbsicmp
        • String ID: 360Tray.exe
        • API String ID: 169230292-3639442380
        • Opcode ID: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction ID: bb08ef9dedc442e16adb0919a7fb9a40da3e0e1de37efcffe32b363c03c3c74e
        • Opcode Fuzzy Hash: ad92ce3848c6c2541b6d6f2091159405b0bf397e6e7c6cb4f86847865fca4f48
        • Instruction Fuzzy Hash: B7017175601228AFE711DF649D88AFB77BCEB48381F004198E90A86241DB31DE54CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000E566
        • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000E582
        • RegCloseKey.KERNEL32(?), ref: 1000E58D
        • Sleep.KERNEL32(00000BB8), ref: 1000E598
        • RegCloseKey.KERNEL32(?), ref: 1000E5A5
        • Sleep.KERNEL32(00000BB8), ref: 1000E5B5
        Strings
        • IsSystemUpgradeComponentRegistered, xrefs: 1000E578
        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E55C
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep$OpenQueryValue
        • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
        • API String ID: 3341780449-3687489623
        • Opcode ID: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
        • Instruction ID: 62c5375c2d3dd91c453aad9b821b456929043e2b0c58830021f5aa7f057e4d56
        • Opcode Fuzzy Hash: a462fef01a96866e7e0a4a974cbbe4bc9d4db0f173a4aed7407d49b696fece22
        • Instruction Fuzzy Hash: 6DF01CB0504756FEF210CBA0CC85F6B77ACEB88789F008918BA4496050E730D8118B62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: _errno$recvselect
        • String ID:
        • API String ID: 4102763267-0
        • Opcode ID: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction ID: 7c8d84f19768cdf4cc5782d09636c8d1d96503dfc8eb734cf6bb9d4bd79266e7
        • Opcode Fuzzy Hash: 1730624fd0b58dc4b7d3e1aa667ef664fccee4656c7273c2521767ad977e5b27
        • Instruction Fuzzy Hash: 3521B1B0A00214DFFB11DF64CC85B9B77A8EF48390F1085A4E605AB295C7B0AD95CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??2@lstrlenmemset
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 3680187532-3074452007
        • Opcode ID: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction ID: 66f4104b3df3357354076d5931c580f892355a069074d8dfc236d59af23abc8f
        • Opcode Fuzzy Hash: 71238aa803a2219e2b9c71e53eea00ab52b47cc8c7a5dd9720b66e023a0775a6
        • Instruction Fuzzy Hash: DE1189F09017558FE760CF288C8171ABBF4EB08300F1080A9D649D7251E630EA95CF44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 030801C4
        • VirtualProtect.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0308024A
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Virtual$FreeProtect
        • String ID: $@
        • API String ID: 2581862158-1077428164
        • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction ID: c6096c443ba7412059324aa42f5e66f962c3f188334922d09e11a7cf2a323d35
        • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
        • Instruction Fuzzy Hash: FD316D70605301AFD754DF18C454BABB7E5BFC8708F448A0CE9899B280D3B5E949CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 100011E9
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001227
        • memcpy.MSVCR100 ref: 10001243
        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 10001256
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction ID: 544fdbd66ed33e08c177f018d52dfec8398ccfe2fec8338094484b213fde6334
        • Opcode Fuzzy Hash: 67f60a876482b63bcf59a5774161a07c5c35a3d3735a40c91f36f7c4e50d1f4d
        • Instruction Fuzzy Hash: E921AEB1B00709AFEB14CFA9DD85B9FBBF4EF40741F00856DE949E2640EA70A860CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ceil.MSVCR100 ref: 1000112F
        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 10001160
        • memcpy.MSVCR100 ref: 1000117C
        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 10001193
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Virtual$AllocFreeceilmemcpy
        • String ID:
        • API String ID: 941304502-0
        • Opcode ID: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction ID: 389732cc6b44b23bea5ab07893b1845aba372dd4ddcea55eaa6217745c91ce0e
        • Opcode Fuzzy Hash: 49a51552c366874757e52c01ac0398c63e6f06a091519a15f42e9c22de444c80
        • Instruction Fuzzy Hash: 8F1181B1A00709ABEB14CFA9DC86B9EFBF8FF04745F008569EA59D2250E670E954CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Timememcpymemmovetime
        • String ID:
        • API String ID: 4274353191-0
        • Opcode ID: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
        • Instruction ID: afecd50a7c454d311ed32d302ad4081b02eea8efc9c71ac32c660e33d9f65598
        • Opcode Fuzzy Hash: 7ab31908488119cf7fe01a3c08a77ff6143e5896606706c6d40ca1442972c94c
        • Instruction Fuzzy Hash: 3F51AF767006029FE716CF69C8C0A9BB7A9FF48294B15C62CE9598B709DB31FC51CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 1000319B
        • InterlockedExchange.KERNEL32(?,00000001), ref: 100031B3
        • GetCurrentThreadId.KERNEL32 ref: 1000325F
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CurrentThread$ExchangeInterlocked
        • String ID:
        • API String ID: 4033114805-0
        • Opcode ID: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
        • Instruction ID: 92f6bba2800e62d8b85ec8c1807ef17e1ec769a13b423f36a60faff404f1ae5a
        • Opcode Fuzzy Hash: 6a86ed22078e12e2b354d238a71a543c8b96340feb047aebf247ee9e0a35a410
        • Instruction Fuzzy Hash: 87318C702006029FE719CF69C981A9BB7E8FF48784B10C52DE95ACB65AD731FC91CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction ID: 29d14db0a8cde238f84cf592577136df2f8e8036b46d31dd592a379fbcae6c8b
        • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
        • Instruction Fuzzy Hash: 0241E4B63423006FE750EF68EC84BAB77E8EFC4222F144569FA45CA641EB71D8058661
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • send.WS2_32(?,?,00040000,00000000), ref: 100032C1
        • send.WS2_32(?,?,?,00000000), ref: 100032FE
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: send
        • String ID:
        • API String ID: 2809346765-0
        • Opcode ID: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
        • Instruction ID: 1deb385b20d9e394e8c28e3a722fddd06f86f9e1ae6173c74813b045a65b48b2
        • Opcode Fuzzy Hash: 141fbcad572bc8a6ad12aa18cf5b4a2f5d9d7a34c88bb10396d11778853f58d5
        • Instruction Fuzzy Hash: 4211E572B01304ABF751CA6ACCC1B4FB79CEB513E4F10C021EA09D7145D670EE519650
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • HeapCreate.KERNEL32(00000004,00000000,00000000,?,00000000,1000F180,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE1B
        • free.MSVCR100(?,?,?,00000000,10010C3B,000000FF,?,1000DA7F), ref: 1000EE56
          • Part of subcall function 10001560: _CxxThrowException.MSVCR100(?,100136B0), ref: 10001570
          • Part of subcall function 10001560: DeleteCriticalSection.KERNEL32(00000000,?,100136B0), ref: 10001581
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CreateCriticalDeleteExceptionHeapSectionThrowfree
        • String ID:
        • API String ID: 3340481177-0
        • Opcode ID: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
        • Instruction ID: 575860950ea909c0a9de24c01ecb41454bad4fa3f9112aa4f70152feecff987d
        • Opcode Fuzzy Hash: eb2c977b580c7c3017f6a721ad93d4119069a997f9a8caff46c63318c20b73ad
        • Instruction Fuzzy Hash: 6C0160F0A00B449FD720CF2AC884647FAE8FB98740B104A1EE6DAC7A20D370A545CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Sleep
        • String ID: f
        • API String ID: 3472027048-1993550816
        • Opcode ID: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
        • Instruction ID: c7e15cd3906b8e7a7d059bf332d29cd3d7d3b3c8f0e640a517aa160ad10b5107
        • Opcode Fuzzy Hash: a3c409412f8d3035c8a806ed9ca81eea28748e70dcfa5ce068521c101b240359
        • Instruction Fuzzy Hash: 6AF09031604219ABE302CF95C8C4BAAF3BDFBA9395F118128E50947290C371AD96C7E1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCloseKey.ADVAPI32(80000002,1000F838), ref: 1000F867
        • RegCloseKey.ADVAPI32(?), ref: 1000F870
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Close
        • String ID:
        • API String ID: 3535843008-0
        • Opcode ID: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
        • Instruction ID: 4fc03b5113f31ef1954081eaa79b0761770d9ff5f927f98be152c15ce724a811
        • Opcode Fuzzy Hash: d15fc8f6703e039f4b14877a43bc8d7f030bba452b9068565a04aaf2fdfeacd4
        • Instruction Fuzzy Hash: B1C09B71D1513897CB14F754FC8495977755B8C300F11C1C5A104731548734FE51DF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetEvent.KERNEL32(?,40B6422C), ref: 1000F3F2
          • Part of subcall function 1000F560: OpenInputDesktop.USER32(00000000,00000000,000001FF), ref: 1000F5A3
          • Part of subcall function 1000F560: CloseDesktop.USER32(00000000), ref: 1000F5BB
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Desktop$CloseEventInputOpen
        • String ID:
        • API String ID: 319684186-0
        • Opcode ID: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
        • Instruction ID: 0b4f54108e71b58abfbf2b913fcca8459eb83f82172870ac95fb5b270e60f150
        • Opcode Fuzzy Hash: d2a506b43f5370245d5500818274ae055096f9462ac8b51c3d27bfb380c1e192
        • Instruction Fuzzy Hash: C4018C76A00218AFC700CF68CD80F9ABBF8FB4D660F00816AFA04D7750D731A9008BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAStartup.WS2_32(00000202), ref: 1001116E
          • Part of subcall function 1000FC4B: __onexit.MSVCRT ref: 1000FC53
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Startup__onexit
        • String ID:
        • API String ID: 1034835647-0
        • Opcode ID: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
        • Instruction ID: 37bb70fb8f6ff2c505897149bc16272910b5e66b9ecbd68bd4162a41f6be33dc
        • Opcode Fuzzy Hash: a679640e15643559f5c3a066f09e900c20a234f85583ead12a82baff5bd91695
        • Instruction Fuzzy Hash: 34E04F74A01208ABE704DBE5CD5799EB7A4EB0C240F50406DFA09DB351EA31FB549A96
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,00000000,00000000,00000000,?,030804FC,?,?,00000000,?,?,?), ref: 03080121
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction ID: e890188f35292a916c3a53ba929896815328f253776cc8e90925fc45aef695b0
        • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
        • Instruction Fuzzy Hash: 512147B1600201AFE314DF18DC85B6AF3E9FF88315F15886DF9858B341D7B5A899CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVersionExW.KERNEL32(?), ref: 00546434
        • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 00546456
        • NtQueryInformationProcess.NTDLL ref: 0054645D
        • GetCommandLineW.KERNEL32 ref: 0054649F
        • GetStdHandle.KERNEL32(000000F5), ref: 005464F3
        • GetFileType.KERNEL32(00000000), ref: 00546504
        • memset.MSVCRT ref: 0054652B
        • memset.MSVCRT ref: 0054653D
        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0054661D
        • RegCloseKey.ADVAPI32(?,?), ref: 00546649
        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00546672
        • RegCloseKey.ADVAPI32(?), ref: 0054667E
        • CompareStringW.KERNEL32(00000409,?,00000002,?,00541994,000000FF), ref: 005468CA
        • CompareStringW.KERNEL32(00000409,00000001,00000002,?,package,?), ref: 005468F9
        • CompareStringW.KERNEL32(00000409,00000001,00000002,?,005417F0,000000FF), ref: 005469BB
        • memset.MSVCRT ref: 00546B2C
        • GlobalFree.KERNEL32(?), ref: 00546BA4
        • lstrlenW.KERNEL32(?,00000063,?), ref: 00546C69
        • GlobalFree.KERNEL32(00000000), ref: 00546F6C
        • CoInitialize.OLE32(00000000), ref: 005470D8
        • CoRegisterClassObject.OLE32(005425E0,0054B064,00000004,00000001,0054C6AC), ref: 0054710F
        • GetCurrentThread.KERNEL32 ref: 00547225
        • OpenThreadToken.ADVAPI32(00000000), ref: 0054722C
        • GetLastError.KERNEL32 ref: 0054723F
        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00547CAE
        • TranslateMessage.USER32(?), ref: 00547CD0
        • DispatchMessageW.USER32(?), ref: 00547CDE
        Strings
        • ServerMain (CA): Could not open synchronization handle., xrefs: 005477BB, 00547ABF
        • REBOOT=ReallySuppress, xrefs: 005467FF
        • ServerMain (CA): Error: Watch for the shutdown signal, xrefs: 00547621
        • ServerMain (CA): Error: Watch for change-of-owning-process signal, xrefs: 0054764A
        • ServerMain (CA): Wait on synchronization event failed, xrefs: 005472E1
        • ServerMain (CA): Open synchronization event failed, xrefs: 00547C8E
        • ServerMain (CA): Create Custom Action Server failed., xrefs: 005476CD
        • REBOOTPROMPT="", xrefs: 0054683B
        • promptrestart, xrefs: 00546830
        • ServerMain (CA): Error: Format SD, xrefs: 005475AC
        • ServerMain (CA): Access to token failed, xrefs: 00547250
        • ServerMain (CA): Wrong command line, xrefs: 005471D0
        • /qb!- REBOOTPROMPT=S, xrefs: 005467E1
        • help, xrefs: 0054679A
        • log, xrefs: 0054684E
        • ServerMain (CA): CoInitializeSecurity failed, xrefs: 005475F7
        • forcerestart, xrefs: 00546812
        • OpenProcessToken failed with %d, xrefs: 005473F1
        • REBOOT=Force, xrefs: 0054681D
        • Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 005465D9
        • ServerMain (CA): Connection to Service failed., xrefs: 0054769B
        • ServerMain (CA): Connect to remote object failed., xrefs: 005477F8
        • PATCH=, xrefs: 00546710
        • ServerMain (CA): Error: Access to SD, xrefs: 005474C5
        • package, xrefs: 00546767, 00546795, 005468E8
        • RUVEH?IJDqXFAtPYZlgmnc, xrefs: 00546BDC, 00546DB3, 00546FDC
        • ServerMain (CA): Parsing command line failed, xrefs: 005471E1
        • MSIPATCHREMOVE=, xrefs: 00546774
        • ServerMain (CA): Process not registered with service., xrefs: 00547788
        • q, xrefs: 00546AFA
        • update, xrefs: 00546705
        • /qn, xrefs: 005467C3
        • ServerMain (CA): Impersonation token not saved., xrefs: 005478DD
        • ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type, xrefs: 00547460
        • passive, xrefs: 005467D6
        • ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type, xrefs: 0054742F
        • OLEAUT32.dll, xrefs: 005470DE
        • uninstall, xrefs: 00546715
        • /l*, xrefs: 00546859
        • quiet, xrefs: 005467B8
        • norestart, xrefs: 005467F4
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: CompareMessageQueryStringmemset$CloseCurrentFreeGlobalProcessThreadValue$ClassCommandDispatchErrorFileHandleInformationInitializeLastLineObjectOpenRegisterTokenTranslateTypeVersionlstrlen
        • String ID: /l*$/qb!- REBOOTPROMPT=S$/qn$MSIPATCHREMOVE=$OLEAUT32.dll$OpenProcessToken failed with %d$PATCH=$REBOOT=Force$REBOOT=ReallySuppress$REBOOTPROMPT=""$RUVEH?IJDqXFAtPYZlgmnc$ServerMain (CA): Access to token failed$ServerMain (CA): CoInitializeSecurity failed$ServerMain (CA): Connect to remote object failed.$ServerMain (CA): Connection to Service failed.$ServerMain (CA): Could not open synchronization handle.$ServerMain (CA): Create Custom Action Server failed.$ServerMain (CA): Error: Access to SD$ServerMain (CA): Error: Format SD$ServerMain (CA): Error: Watch for change-of-owning-process signal$ServerMain (CA): Error: Watch for the shutdown signal$ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type$ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type$ServerMain (CA): Impersonation token not saved.$ServerMain (CA): Open synchronization event failed$ServerMain (CA): Parsing command line failed$ServerMain (CA): Process not registered with service.$ServerMain (CA): Wait on synchronization event failed$ServerMain (CA): Wrong command line$Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$forcerestart$help$log$norestart$package$passive$promptrestart$q$quiet$uninstall$update
        • API String ID: 1475639937-2370891382
        • Opcode ID: ddb0d5dfb511f24f829309f7350b6d1dcfb121d24c94751441bec6a66b8b3370
        • Instruction ID: efad67b2abe04a5a1eba7f8dc7ac66a4ff19cfe1b106896498b447937a74a7e5
        • Opcode Fuzzy Hash: ddb0d5dfb511f24f829309f7350b6d1dcfb121d24c94751441bec6a66b8b3370
        • Instruction Fuzzy Hash: 86E2CB755083469FDB208F24C848BEEBFE5FB99318F10492EF58997290EB708D49DB52
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeSid.ADVAPI32(?), ref: 00543256
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543274
        • FreeSid.ADVAPI32(?), ref: 00543292
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005432B0
        • FreeSid.ADVAPI32(?), ref: 005432CE
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005432F0
        • FreeSid.ADVAPI32(?), ref: 0054330E
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000013,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0054332C
        • FreeSid.ADVAPI32(?), ref: 0054334A
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000014,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543368
        • FreeSid.ADVAPI32(?), ref: 005433CF
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005433EC
        • FreeSid.ADVAPI32(?), ref: 0054340A
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543428
        • FreeSid.ADVAPI32(?), ref: 00543446
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543468
        • FreeSid.ADVAPI32(?), ref: 005434A2
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005434C0
        • FreeSid.ADVAPI32(?), ref: 005434DE
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543500
        • FreeSid.ADVAPI32(?), ref: 00543548
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543566
        • FreeSid.ADVAPI32(?), ref: 00543584
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005435A6
        • FreeSid.ADVAPI32(?), ref: 005435C4
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005435E2
        • FreeSid.ADVAPI32(?), ref: 00543628
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543646
        • FreeSid.ADVAPI32(?), ref: 00543664
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543686
        • FreeSid.ADVAPI32(?), ref: 005436AE
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005436CC
        • FreeSid.ADVAPI32(?), ref: 005436EA
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543707
        • FreeSid.ADVAPI32(?), ref: 00543725
        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00543747
        • GetLengthSid.ADVAPI32(?), ref: 005437A0
        • memset.MSVCRT ref: 005437C5
        • GlobalAlloc.KERNEL32(00000000,?), ref: 005437E8
        • InitializeAcl.ADVAPI32(?,?,00000002), ref: 00543816
        • AddAccessAllowedAce.ADVAPI32(?,00000002,?,?), ref: 00543842
        • GetAce.ADVAPI32(?,?,?), ref: 0054385D
        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00543887
        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0054389D
        • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 005438AE
        • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 005438C7
        • GetSecurityDescriptorLength.ADVAPI32(?), ref: 005438D6
        • MakeSelfRelativeSD.ADVAPI32(?,?,?), ref: 005438F3
        • GetLastError.KERNEL32 ref: 005438FD
        • GlobalFree.KERNEL32(?), ref: 00543918
        • GetLastError.KERNEL32 ref: 00543920
        • FreeSid.ADVAPI32(?), ref: 0054393D
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: FreeInitialize$Allocate$DescriptorSecurity$ErrorGlobalLastLength$AccessAllocAllowedDaclGroupMakeOwnerRelativeSelfmemset
        • String ID:
        • API String ID: 3802846876-0
        • Opcode ID: 10e63d66af28f34a4ba9724dd00638dc2f682e4d78bfeeb2be1542b78de33ac3
        • Instruction ID: dbb67bfe295d7d9f302a0daeb57d49fee1702d27a30651cd346e3389f6131a6d
        • Opcode Fuzzy Hash: 10e63d66af28f34a4ba9724dd00638dc2f682e4d78bfeeb2be1542b78de33ac3
        • Instruction Fuzzy Hash: F6120871608345AFDB309F60DC8CBEBBBE8FB84749F10482DB588C2160E7719949DB22
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00545A12
        • RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00545A8A
        • RegCloseKey.ADVAPI32(?), ref: 00545AAA
        • GlobalFree.KERNEL32(?), ref: 00545ABF
        • RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00545B14
        • RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00545B35
        • lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00545B3C
        • RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00545B59
        • RegCloseKey.ADVAPI32(?), ref: 00545B65
        • memset.MSVCRT ref: 00545B84
        • OutputDebugStringW.KERNEL32(?), ref: 00545BD4
        • SetLastError.KERNEL32(00000000), ref: 00545BDB
          • Part of subcall function 00542F5E: RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZT,?,00545A48,?,?,?), ref: 00542F8B
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Value$CloseErrorLast$CreateDebugFreeGlobalOpenOutputQueryStringlstrlenmemset
        • String ID: %s$($Debug$Error: %d. %s.$LastError$LastErrorMessage$P$ServerMain (CA): Open synchronization event failed$Software\Microsoft\Windows\CurrentVersion\Installer\CA$Software\Policies\Microsoft\Windows\Installer
        • API String ID: 3407900974-1723650419
        • Opcode ID: 96cf9d9a7462590d565fd79258ab4a7bd3e20cad9e85eee1508fc59cd02aa6e0
        • Instruction ID: 5f1db676417187eb3066c9f2debdbffb1b49a39ca45c1ec12d30821c337db89b
        • Opcode Fuzzy Hash: 96cf9d9a7462590d565fd79258ab4a7bd3e20cad9e85eee1508fc59cd02aa6e0
        • Instruction Fuzzy Hash: 4F51C27590021CEBDB209B51DC89FEA7BB8FB55349F0440A5F54DA3151EB318E89DFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memset.MSVCRT ref: 00545CAD
        • GetACP.KERNEL32(00000641,?,00000000), ref: 00545CE3
        • LoadLibraryW.KERNEL32(KERNEL32), ref: 00545CF0
        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00545D02
        • GetLocaleInfoW.KERNEL32(?,20001004,?,0000000A), ref: 00545D38
        • FreeLibrary.KERNEL32(00000000), ref: 00545D46
        • FormatMessageW.KERNEL32(00001000,00000000,00000641,?,?,00000401,00000000), ref: 00545D6C
        • memset.MSVCRT ref: 00545DEE
        • GetVersionExW.KERNEL32(0000011C), ref: 00545E07
          • Part of subcall function 00542E35: _vsnwprintf.MSVCRT ref: 00542E67
        • lstrlenW.KERNEL32(?), ref: 00545E96
        • WriteFile.KERNEL32(?,00000000,?,00000000), ref: 00545EB4
        • WriteFile.KERNEL32(00542638,00000004,?,00000000), ref: 00545ECF
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: FileLibraryWritememset$AddressFormatFreeInfoLoadLocaleMessageProcVersion_vsnwprintflstrlen
        • String ID: GetUserDefaultUILanguage$Install error %i$KERNEL32
        • API String ID: 2411759445-2065445882
        • Opcode ID: 429674c72aa1bbf2c10c930322a3b5f8f78ad9c712b8eab7e937dbe765d0eac6
        • Instruction ID: d373740111c5be58470af69d82a7ca91e10cad7ed84e3f97f1c02da4062fd3a2
        • Opcode Fuzzy Hash: 429674c72aa1bbf2c10c930322a3b5f8f78ad9c712b8eab7e937dbe765d0eac6
        • Instruction Fuzzy Hash: 3451B4B5900219ABEB109B60DC4DEFB7BBCFF55358F1401A5F619E2192EA70CE48DB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetNativeSystemInfo.KERNEL32(?,00000000,00000044,?), ref: 03086FB8
        • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 03086FDD
        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 03086FF1
        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 0308703C
        • CopyFileA.KERNEL32(?,?,00000000), ref: 03087072
        • SuspendThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030870D7
        • VirtualAllocEx.KERNEL32(?,00000000,0004DA78,00003000,00000040,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 030870F8
        • WriteProcessMemory.KERNEL32(?,00000000,?,0004DA78,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03087120
        • QueueUserAPC.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 0308713A
        • ResumeThread.KERNEL32(?,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 03087147
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: System$DirectoryThread$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write
        • String ID: D$\msiexec.exe
        • API String ID: 3303475852-2685333904
        • Opcode ID: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction ID: 30dff915631f117ba1a01b6f805de95a35d47ee52924f3f2a7c2bcf12fd05077
        • Opcode Fuzzy Hash: 069827bc804923ca518e23d0722f491ed3ef22bc49eccf8a2e09febce105ff95
        • Instruction Fuzzy Hash: D37140F1901228AFEB25EB648CD4EEA77BDEB48704F008199F60997151DA71DF94CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThread.KERNEL32 ref: 00542FC1
        • OpenThreadToken.ADVAPI32(00000000), ref: 00542FC8
        • GetLastError.KERNEL32 ref: 00542FD2
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00542FE9
        • OpenProcessToken.ADVAPI32(00000000), ref: 00542FF0
        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0054300F
        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000030,?,?), ref: 0054303B
        • CloseHandle.KERNEL32(?), ref: 00543044
        • GetLastError.KERNEL32 ref: 0054304A
        • CloseHandle.KERNEL32(?), ref: 00543068
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Token$CloseCurrentErrorHandleLastOpenProcessThread$AdjustLookupPrivilegePrivilegesValue
        • String ID:
        • API String ID: 268630328-0
        • Opcode ID: f1579ea2447e7a61a895be0a751eae10df2d014ee46669405842623a9f4d14cb
        • Instruction ID: cc6a4391fe7d95ea499f2899526561f263bdb1cb14f22c63e961d94fc7835ff7
        • Opcode Fuzzy Hash: f1579ea2447e7a61a895be0a751eae10df2d014ee46669405842623a9f4d14cb
        • Instruction Fuzzy Hash: 3D214B35A00209EBDB109FA5ED4DBDDBBB9FF15708F104029F609E7160EB719A0A9B20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 00543133
        • GetLastError.KERNEL32(?,?), ref: 0054313D
        • GetLengthSid.ADVAPI32(?,?,?), ref: 00543148
        • FreeSid.ADVAPI32(00000000), ref: 0054315E
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AllocateErrorFreeInitializeLastLength
        • String ID:
        • API String ID: 1611457584-0
        • Opcode ID: 03cdac8b53142e3683963134b12a2fc04b873cf9e62408c48d24d8a676a5ea70
        • Instruction ID: 25c34cc386af82919c42399ad19ee3932630937b3ff9e59fc7bfd4642e5771f3
        • Opcode Fuzzy Hash: 03cdac8b53142e3683963134b12a2fc04b873cf9e62408c48d24d8a676a5ea70
        • Instruction Fuzzy Hash: E8116074905209EFDB109BA4DC0DAFEBF78FF5930CF004829E515921A0E7719908EB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32 ref: 03091D0C
        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03091D21
        • UnhandledExceptionFilter.KERNEL32(10012404), ref: 03091D2C
        • GetCurrentProcess.KERNEL32(C0000409), ref: 03091D48
        • TerminateProcess.KERNEL32(00000000), ref: 03091D4F
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
        • String ID:
        • API String ID: 2579439406-0
        • Opcode ID: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction ID: b58fcf769c18f5a4c3fb7b567ae96056ea769e76200eb1f4d49fcedb18e63487
        • Opcode Fuzzy Hash: e84dd6119fa8fc09ca8c89f285b5ee219d72138cef0debd5b9e44f2e36076973
        • Instruction Fuzzy Hash: B521DDB8902624EFFB05DF69DDC96443BBAFB1C344F51801AE6088B265E771E990CF15
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 00547DF2
        • GetLastError.KERNEL32 ref: 00547DFC
          • Part of subcall function 005459F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00545A12
          • Part of subcall function 005459F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00545A8A
          • Part of subcall function 005459F2: RegCloseKey.ADVAPI32(?), ref: 00545AAA
          • Part of subcall function 005459F2: GlobalFree.KERNEL32(?), ref: 00545ABF
          • Part of subcall function 005459F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00545B14
          • Part of subcall function 005459F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00545B35
          • Part of subcall function 005459F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00545B3C
          • Part of subcall function 005459F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00545B59
          • Part of subcall function 005459F2: RegCloseKey.ADVAPI32(?), ref: 00545B65
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Value$CloseErrorLast$CreateCtrlDispatcherFreeGlobalQueryServiceStartlstrlen
        • String ID: MSIServer$StartServiceCtrlDispatcher failed.
        • API String ID: 2998827721-520530687
        • Opcode ID: 549590771ad66c6685f981e6afa97e324acd201ce791e59aa53254d316ca8952
        • Instruction ID: 61199f3b9250b67ec58fb29c2fcfb5e2ba72069cf64a58f7e56ef0ee5ef1926d
        • Opcode Fuzzy Hash: 549590771ad66c6685f981e6afa97e324acd201ce791e59aa53254d316ca8952
        • Instruction Fuzzy Hash: 30E0D831E101089BDB00EBB5C80D7EE7EFCFB9430DF4045A49115E2140EBB0D909CB61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00549726,00541000), ref: 005495F7
        • UnhandledExceptionFilter.KERNEL32(00549726,?,00549726,00541000), ref: 00549600
        • GetCurrentProcess.KERNEL32(C0000409,?,00549726,00541000), ref: 0054960B
        • TerminateProcess.KERNEL32(00000000,?,00549726,00541000), ref: 00549612
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
        • String ID:
        • API String ID: 3231755760-0
        • Opcode ID: 247d28e4fbbea5c00bc1dd5772b897499d1c083a6d0d343b049dc09ed350fb87
        • Instruction ID: 6883fcd9015dd6f95433bcfd5494cf9df02c66ff52b01f5ef8088fdc32c60d04
        • Opcode Fuzzy Hash: 247d28e4fbbea5c00bc1dd5772b897499d1c083a6d0d343b049dc09ed350fb87
        • Instruction Fuzzy Hash: 99D0C936000104BBCA002BE1EC0DAC93F38EB5A25AF005400FB0982120DA35444AEB75
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00543C24: EnterCriticalSection.KERNEL32(0054C838,?,?,?,00543C1E,00000000,00000000), ref: 00543C31
          • Part of subcall function 00543C24: LeaveCriticalSection.KERNEL32(0054C838,?,?,?,00543C1E,00000000,00000000), ref: 00543CDF
        • RegOpenKeyExW.ADVAPI32(80000000,CLSID,00000000,00020019,?,00000002,00000000,00007530), ref: 00547EFB
        • RegCloseKey.ADVAPI32(?), ref: 00547F0B
          • Part of subcall function 00548745: GlobalAlloc.KERNEL32(00000000,?,00000000,?,00547F98,00000200), ref: 0054875F
          • Part of subcall function 00548745: memset.MSVCRT ref: 00548778
        • CoUninitialize.OLE32 ref: 00547F5B
        • MakeAbsoluteSD.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000200), ref: 00548058
        • CoUninitialize.OLE32 ref: 00548066
        • GetLastError.KERNEL32 ref: 0054806C
        • GetLastError.KERNEL32(00000000), ref: 005480AC
        • CoUninitialize.OLE32(00000002,00000000,00007530), ref: 005480C2
        • InitializeCriticalSection.KERNEL32(0054C488,00000002,00000000,00007530), ref: 005481D2
        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 005481F5
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00548204
        • GetLastError.KERNEL32 ref: 00548246
        • GetLastError.KERNEL32 ref: 00548276
        • CoRegisterClassObject.OLE32(005425E0,?,00000015,00000001,?,00000002,00000000,00007530), ref: 005482C0
        • MsgWaitForMultipleObjects.USER32(00000003,?,00000000,000000FF,00001CFF), ref: 00548343
        • TranslateMessage.USER32(?), ref: 00548375
        • DispatchMessageW.USER32(?), ref: 00548382
        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00548394
        • GetLastError.KERNEL32 ref: 005483C6
        • GetLastError.KERNEL32 ref: 005483CC
        • GetLastError.KERNEL32(00000000), ref: 0054841B
        • EnterCriticalSection.KERNEL32(0054C488,00000001,00000000), ref: 0054843C
        • CloseHandle.KERNEL32 ref: 00548448
        • LeaveCriticalSection.KERNEL32(0054C488), ref: 00548459
        • EnterCriticalSection.KERNEL32(0054C488,00000001,00000000), ref: 0054846C
        • CloseHandle.KERNEL32 ref: 00548478
        • LeaveCriticalSection.KERNEL32(0054C488), ref: 00548489
        • EnterCriticalSection.KERNEL32(0054C488,00000001,00000000), ref: 0054849C
        • CloseHandle.KERNEL32 ref: 005484A8
        • LeaveCriticalSection.KERNEL32(0054C488), ref: 005484B9
        • CoUninitialize.OLE32(00000001,00000000), ref: 005484C3
        • DeleteCriticalSection.KERNEL32(0054C488,00000001,00000000), ref: 005484E0
        • CoUninitialize.OLE32(?,?,?,?,00000200), ref: 005484EC
        • GlobalFree.KERNEL32(?), ref: 0054850D
        • GlobalFree.KERNEL32(?), ref: 00548526
        • GlobalFree.KERNEL32(?), ref: 0054853F
        • GlobalFree.KERNEL32(?), ref: 00548558
        • GlobalFree.KERNEL32(?), ref: 00548571
        Strings
        • ServiceThreadMain: CreateSD for CreateWaitableTimer failed., xrefs: 005481B1
        • ServiceThreadMain: SetWaitableTimer failed., xrefs: 0054827C
        • CoCreateInstance of CLSID_GlobalOptions failed., xrefs: 00548105
        • ServiceThreadMain: CreateWaitableTimer failed., xrefs: 0054824C
        • CLSID, xrefs: 00547EF1
        • Wait Failed in MsgWait., xrefs: 005483D4
        • ServiceThreadMain: Class registration failed, xrefs: 00548400
        • ServiceThreadMain: CoInitializeSecurity failed, xrefs: 005480A0
        • Set of COMGLB_UNMARSHALING_POLICY failed., xrefs: 00548163
        • ServiceThreadMain: CreateEvent failed., xrefs: 0054840D
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$ErrorLast$Global$FreeUninitialize$CloseEnterLeave$HandleMessage$CreateEvent$AbsoluteAllocClassDeleteDispatchInitializeMakeMultipleObjectObjectsOpenPeekRegisterTranslateWaitmemset
        • String ID: CLSID$CoCreateInstance of CLSID_GlobalOptions failed.$ServiceThreadMain: Class registration failed$ServiceThreadMain: CoInitializeSecurity failed$ServiceThreadMain: CreateEvent failed.$ServiceThreadMain: CreateSD for CreateWaitableTimer failed.$ServiceThreadMain: CreateWaitableTimer failed.$ServiceThreadMain: SetWaitableTimer failed.$Set of COMGLB_UNMARSHALING_POLICY failed.$Wait Failed in MsgWait.
        • API String ID: 535215923-1806920385
        • Opcode ID: 2af7c0daa889d0e954d2c2319caaee5ae8badd2234473225139d527bbce2a98a
        • Instruction ID: fe47fbe85027c96799e8ad7240a2f092ba0c44d99f2f7a5c6f557ce9af4be755
        • Opcode Fuzzy Hash: 2af7c0daa889d0e954d2c2319caaee5ae8badd2234473225139d527bbce2a98a
        • Instruction Fuzzy Hash: 2302D574A01229AFEB249B649D89EFD7FB8FB9570CF004199B509A3150EF709D89DF20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 03087324: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 03087348
          • Part of subcall function 03087324: Process32First.KERNEL32(00000000,00000128), ref: 03087358
          • Part of subcall function 03087324: Process32Next.KERNEL32(00000000,00000128), ref: 03087381
          • Part of subcall function 03087324: CloseHandle.KERNEL32(00000000), ref: 03087394
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0308FAC1
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0308FADE
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0308FB9D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0308FBDC
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0308FC1B
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0308FC5A
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0308FC99
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0308FCD8
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0308FD17
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0308FD56
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0308FD95
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0308FDD4
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0308FE13
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0308FE52
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0308FE91
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0308FEE1
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0308FEF5
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0308FF23
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0308FF40
        • CloseHandle.KERNEL32(?), ref: 0308FF5E
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0308FF79
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenProcess32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
        • String ID:
        • API String ID: 378158439-3916222277
        • Opcode ID: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction ID: c0ef5c28dc297950b1bcbe292bbac27766c008c5f388fce30f28accd629a956e
        • Opcode Fuzzy Hash: d7f3464c920527894e265a845230a3f8c832a49c4fd43de6af9194e2c8746ccc
        • Instruction Fuzzy Hash: F412B6B1E41219ABEB14DFE5CD81BEEBBB5FF48700F148519E615BB280D7B0AA01CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • wsprintfA.USER32 ref: 0308F61B
        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0308F630
        • GetLastError.KERNEL32 ref: 0308F63C
        • ReleaseMutex.KERNEL32(00000000), ref: 0308F64A
        • CloseHandle.KERNEL32(00000000), ref: 0308F651
        • GetTickCount.KERNEL32 ref: 0308F6A4
        • GetTickCount.KERNEL32 ref: 0308F6BF
        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0308F6FD
        • TerminateThread.KERNEL32(?,000000FF), ref: 0308F7DE
        • CloseHandle.KERNEL32(?), ref: 0308F7EC
        • CloseHandle.KERNEL32(?), ref: 0308F80F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseHandle$CountCreateMutexTick$ErrorEventLastReleaseTerminateThreadwsprintf
        • String ID: bxpalxe175.top
        • API String ID: 583979846-781962906
        • Opcode ID: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction ID: f88a26f98f20082763fc1dfa9ff910ee44aac98e589d9a3ac6841ade3d2fe623
        • Opcode Fuzzy Hash: dfc7743faaf7c34ea8dc4cc95a2a6bf1f77ea6928342f1eb42bda5746a21343e
        • Instruction Fuzzy Hash: 7D5190B1509791AFE724EF68CC84B9FB7E5FF88711F004A18E58A9B290C7709815CF92
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 03084A80
        • InterlockedExchange.KERNEL32(?,00000000), ref: 03084A8C
        • timeGetTime.WINMM ref: 03084A92
        • socket.WS2_32(00000002,00000001,00000006), ref: 03084ABF
        • gethostbyname.WS2_32(?), ref: 03084AE3
        • htons.WS2_32(?), ref: 03084AFC
        • connect.WS2_32(?,?,00000010), ref: 03084B1A
        • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 03084BCE
        • InterlockedExchange.KERNEL32(?,00000001), ref: 03084BD7
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
        • String ID: 0u
        • API String ID: 3940796591-3203441087
        • Opcode ID: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction ID: a69f9e16c27cc73946a629a44e5a8799efa5324831a2f833ff97ebc9950d0053
        • Opcode Fuzzy Hash: 805b8648183c63c203746417f1bf1fcdf5a7f7eb7ef9b6c82d9dcdae4c03fa95
        • Instruction Fuzzy Hash: F9515EB1600705ABE720DFA5CC85FAAB7F9FF48B10F104619F656AB2D0D7B0A904CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExW.KERNEL32(ISMIF32.DLL,00000000,00000800,?,00000000), ref: 005457F6
        • GetProcAddress.KERNEL32(00000000,InstallStatusMIF), ref: 0054580C
        • GetSystemDefaultLangID.KERNEL32(?,00000000), ref: 0054585C
        • memset.MSVCRT ref: 0054589D
        • FormatMessageW.KERNEL32(00001000,00000000,00000000,?,?,00000105,00000000,?,00000000), ref: 005458C5
        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,0054C920,00000100,00000000,00000000,?,00000000), ref: 00545902
        • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 00545976
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Library$AddressByteCharDefaultFormatFreeLangLoadMessageMultiProcSystemWidememset
        • String ID: ISMIF32.DLL$InstallStatusMIF$Installer error %i
        • API String ID: 2186023739-4237920443
        • Opcode ID: 024c8edc4a2e877bf4e71a1773970ff404b02ef498f1b99d4ef700fbde991832
        • Instruction ID: 6943b6d97039ee743bb42ff3327e41db273cdba8fc47d67cec1937389b4b6bff
        • Opcode Fuzzy Hash: 024c8edc4a2e877bf4e71a1773970ff404b02ef498f1b99d4ef700fbde991832
        • Instruction Fuzzy Hash: 60413B30741318BFE754AB249C4EFFA3E68FB6A72CF100564F55AE20C1E6A0AD44D664
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 0308FFB8
        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0308FFCC
        • RegQueryValueExA.ADVAPI32(?,10012B20,00000000,00000000,00000000,?), ref: 0309005C
        • OutputDebugStringA.KERNEL32(10012B64), ref: 0309008D
        • RegSetValueExA.ADVAPI32(?,10012B20,00000000,00000001,?,?), ref: 0309010D
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Value$DebugFileFolderModuleNameOutputPathQueryString
        • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
        • API String ID: 2479511575-1482746000
        • Opcode ID: db1e06d7f8b1c9a70397df2513213af948fc90533697df7d74bbac6cfb54c00c
        • Instruction ID: f118f1a6406cfa1ca6ab61be828eac2996daa723f302a638a67d548180875f27
        • Opcode Fuzzy Hash: db1e06d7f8b1c9a70397df2513213af948fc90533697df7d74bbac6cfb54c00c
        • Instruction Fuzzy Hash: 1B4196B1A00229ABEB24EB608C95FFE7779EF88701F008189F6056B181DB74EA54CF54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(kernel32.dll,OLEAUT32.dll,0000005C,?,?,00549046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,005490C6,0000020A,?), ref: 00548F8C
        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00548F9F
        • GetLastError.KERNEL32(?,00549046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,005490C6,0000020A,?), ref: 00548FAB
        • FreeLibrary.KERNEL32(00000000,?,00549046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,005490C6,0000020A,?), ref: 00548FE0
        • SetLastError.KERNEL32(00000000,?,00549046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,005490C6,0000020A,?), ref: 00548FE7
        • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00548FF8
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: ErrorLastLibrary$AddressDirectoryFreeLoadProcSystem
        • String ID: GetSystemWow64DirectoryW$OLEAUT32.dll$kernel32.dll
        • API String ID: 1648426049-138662608
        • Opcode ID: 77ee9dd407c2a29578ac25ed3093112e5c730171adc3c9a6ab8a09409d3b3452
        • Instruction ID: 3493c3281a96c84cb8d7b54cbda00f080e7f93907bb1b2e1f35ef6ce5fd3506b
        • Opcode Fuzzy Hash: 77ee9dd407c2a29578ac25ed3093112e5c730171adc3c9a6ab8a09409d3b3452
        • Instruction Fuzzy Hash: 8401923A70465177D71267A49C0CAFF7EABFBA634DF150026FA0392250EEB0CC09A664
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,10016034,?,?,?), ref: 030866EA
        • RtlEnterCriticalSection.NTDLL(?), ref: 03086711
        • SetLastError.KERNEL32(0000139F), ref: 03086725
        • RtlLeaveCriticalSection.NTDLL(?), ref: 0308672C
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalErrorLastSection$EnterLeave
        • String ID:
        • API String ID: 2124651672-0
        • Opcode ID: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction ID: ed1cccee054973005982a4d19b210aaa41b298c3caade59212cb825e53409a65
        • Opcode Fuzzy Hash: 0caddb98867e29de0752d0cfcbec8b2315e495d463000fe6ca5338ea8550326e
        • Instruction Fuzzy Hash: 91518CB6A047149FD714DF68C884B6AB7F4FF48711F008A6EEA4AC3B50DB35E4108B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • lstrlenW.KERNEL32 ref: 00545475
          • Part of subcall function 00548665: GlobalAlloc.KERNEL32(00000040,?,00000020,-00000002,00000000,?,005466E9,?,?,?), ref: 00548680
        • CoInitialize.OLE32(00000000), ref: 005454EB
        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 005454FF
        • SetCurrentDirectoryW.KERNEL32(?,?,00000000,00000008), ref: 00545511
        • GetLastError.KERNEL32(?,00000000,00000008), ref: 0054551B
        • SetThreadToken.ADVAPI32(00000000,00000000,?,00000000,00000008), ref: 00545534
        • GetLastError.KERNEL32(?,00000000,00000008), ref: 0054553E
        • GetProcAddress.KERNEL32(00000000), ref: 00545559
        • GetLastError.KERNEL32(?,?,00000000,00000008), ref: 00545565
        • FreeLibrary.KERNEL32(00000000,?,00000000,00000008), ref: 0054558D
        • CoUninitialize.OLE32(?,00000000,00000008), ref: 00545593
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$Library$AddressAllocCurrentDirectoryFreeGlobalInitializeLoadProcThreadTokenUninitializelstrlen
        • String ID:
        • API String ID: 1429436423-0
        • Opcode ID: 1ac4a9046c160b5fccda51d26cacee7f345970557c6d8bdeb7181b96f5d503a3
        • Instruction ID: 0ab082c4c8501fab5f01409c18ba093a40e71380e9f64307533dbb6d6471b2d7
        • Opcode Fuzzy Hash: 1ac4a9046c160b5fccda51d26cacee7f345970557c6d8bdeb7181b96f5d503a3
        • Instruction Fuzzy Hash: 1041253AA009354BCB315B288C4C7FE7A76BFA5759F010169EC4AEB251FE30CD419AE0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 03085A09
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03085A54
        • send.WS2_32(03085707,?,?,00000000), ref: 03085A72
        • RtlEnterCriticalSection.NTDLL(?), ref: 03085A85
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03085A98
        • HeapFree.KERNEL32(00000000,00000000,?,?,03085707), ref: 03085AC0
        • WSAGetLastError.WS2_32(?,03085707), ref: 03085ACB
        • RtlEnterCriticalSection.NTDLL(?), ref: 03085ADF
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03085B18
        • HeapFree.KERNEL32(00000000,00000000,?,?,03085707), ref: 03085B55
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
        • String ID:
        • API String ID: 1701177279-0
        • Opcode ID: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction ID: 0b3357e52732b6f45edec875552ac7a280d31c64abfb9db2f5c391dddc0339f2
        • Opcode Fuzzy Hash: 61695a6243923d5c623e10463387eeaed85c2f2344ecb119a9721000f3eca049
        • Instruction Fuzzy Hash: A841F8B15057009FD764EF78CCC8AA7B7E9BB4A300F44896DE9AECB250DB71E8418B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSASetLastError.WS2_32(0000000D,00000000,?), ref: 03086967
        • RtlEnterCriticalSection.NTDLL(?), ref: 0308697C
        • WSASetLastError.WS2_32(00002746), ref: 0308698E
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03086995
        • timeGetTime.WINMM ref: 030869C3
        • timeGetTime.WINMM ref: 030869EB
        • SetEvent.KERNEL32(?), ref: 03086A29
        • InterlockedExchange.KERNEL32(?,00000001), ref: 03086A35
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03086A3C
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03086A4F
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
        • String ID:
        • API String ID: 1979691958-0
        • Opcode ID: ca2a519c553e6a7518472017456cd66bb4df54691037a71220f5ab183e518e5f
        • Instruction ID: c83a2997b424dc289a2832080793a97cb18812b1840587e3485af5c3ebabd9fa
        • Opcode Fuzzy Hash: ca2a519c553e6a7518472017456cd66bb4df54691037a71220f5ab183e518e5f
        • Instruction Fuzzy Hash: 7541E8716013089FD720EF68C888A6AF7FDFB49324F098599E5CAC7291D776E4528B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ResetEvent.KERNEL32(?), ref: 10004443
        • ResetEvent.KERNEL32(?), ref: 1000444C
        • timeGetTime.WINMM ref: 1000444E
        • InterlockedExchange.KERNEL32(?,00000000), ref: 1000445D
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 100044AB
        • ResetEvent.KERNEL32(?), ref: 100044C8
          • Part of subcall function 10003F60: GetCurrentThreadId.KERNEL32 ref: 10003F65
          • Part of subcall function 10003F60: send.WS2_32(?,1001242C,00000010,00000000), ref: 10003FC6
          • Part of subcall function 10003F60: SetEvent.KERNEL32(?), ref: 10003FE9
          • Part of subcall function 10003F60: InterlockedExchange.KERNEL32(?,00000000), ref: 10003FF5
          • Part of subcall function 10003F60: WSACloseEvent.WS2_32(?), ref: 10004003
          • Part of subcall function 10003F60: shutdown.WS2_32(?,00000001), ref: 1000401B
          • Part of subcall function 10003F60: closesocket.WS2_32(?), ref: 10004025
        • ResetEvent.KERNEL32(?), ref: 100044DC
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 542259498-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: 0b81298498231164b453952e9ee2c61397d015f610824274be65a47ae4a364de
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: C7319EB6600704ABD220EF69DC85B97B3E8FF88751F104A1EF58AC3650DA31F814CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryA.KERNEL32(?), ref: 0308724A
        • GetCurrentProcess.KERNEL32(00000028,?), ref: 0308727F
        • LoadLibraryA.KERNEL32(10012638), ref: 030872D7
        • CloseHandle.KERNEL32(?), ref: 030872F6
        • FreeLibrary.KERNEL32(00000000), ref: 03087301
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Library$Load$CloseCurrentFreeHandleProcess
        • String ID: .dll$Adva$pi32
        • API String ID: 1168765234-3719434023
        • Opcode ID: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction ID: 1411da5818ce015e0b8c3b2a27c8db1e310cdf2e7e78738075829e6d8496633b
        • Opcode Fuzzy Hash: d548d1cdf610e06d840f9dd1ec7330cf1ab91b0f8b0385469587e18cf28dab6b
        • Instruction Fuzzy Hash: 8F319FB5A02218ABDB10DFB4DD89BEEBBB9EF49701F104159FA05A7280DB74D910CB64
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        • ResolveDelayLoadsFromDll, xrefs: 00549137
        • KERNEL32.DLL, xrefs: 00549113
        • api-ms-win-core-delayload-l1-1-1.dll, xrefs: 00549103
        • ResolveDelayLoadedAPI, xrefs: 00549123
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID: KERNEL32.DLL$ResolveDelayLoadedAPI$ResolveDelayLoadsFromDll$api-ms-win-core-delayload-l1-1-1.dll
        • API String ID: 0-3594434003
        • Opcode ID: 1babf84e51a96e369cdd082310c2de18d7b31077b56148cd6250265050e00a00
        • Instruction ID: 2976767a7e7f9df0e2ecbab48af8c7a856a1de303bb8b994952a33ad6b1ea9f5
        • Opcode Fuzzy Hash: 1babf84e51a96e369cdd082310c2de18d7b31077b56148cd6250265050e00a00
        • Instruction Fuzzy Hash: C0F024BA586733360B316AA81C9BCCF2E497953B9D3012161F800E7148EB44CC08E290
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00549E35: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00549E62
          • Part of subcall function 00549E35: GetCurrentProcessId.KERNEL32 ref: 00549E71
          • Part of subcall function 00549E35: GetCurrentThreadId.KERNEL32 ref: 00549E7A
          • Part of subcall function 00549E35: GetTickCount.KERNEL32 ref: 00549E83
          • Part of subcall function 00549E35: QueryPerformanceCounter.KERNEL32(?), ref: 00549E98
        • GetStartupInfoW.KERNEL32(?,0054A310,00000058), ref: 0054934F
        • Sleep.KERNEL32(000003E8), ref: 00549384
        • _amsg_exit.MSVCRT ref: 00549399
        • _initterm.MSVCRT ref: 005493ED
        • __IsNonwritableInCurrentImage.LIBCMT ref: 00549419
        • exit.MSVCRT ref: 0054948F
        • _ismbblead.MSVCRT ref: 005494AA
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
        • String ID:
        • API String ID: 836923961-0
        • Opcode ID: 4c6edf1f585caada72f63c650a5310b2fd99fcccc8c69813569e2b35cfae1527
        • Instruction ID: 559f8230a69eff7a65e1d5f8e7e67d6a90f78e179490ba0d0c5e6773aca786b0
        • Opcode Fuzzy Hash: 4c6edf1f585caada72f63c650a5310b2fd99fcccc8c69813569e2b35cfae1527
        • Instruction Fuzzy Hash: DA411479944315DFDF218FA4D80A7EB7FB5BB9672CF20041AE902972D0CB744849DB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ??3@$free
        • String ID:
        • API String ID: 2241099983-0
        • Opcode ID: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction ID: 0f1c132389db77ae3884fe5e2b16e910682f404a5e2d35d470791149001e5491
        • Opcode Fuzzy Hash: 42fae90c1ee32660417538b546cc3d7d89dcf387cd4799b0d3c8cf2207ee2e23
        • Instruction Fuzzy Hash: CD21A2B3901A21ABD710DF64DC8096EB768FF48671B498115ED846B700C335FD65CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F,?), ref: 10004C99
        • TryEnterCriticalSection.KERNEL32(?,?), ref: 10004CB8
        • TryEnterCriticalSection.KERNEL32(?), ref: 10004CC2
        • SetLastError.KERNEL32(0000139F), ref: 10004CD9
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE2
        • LeaveCriticalSection.KERNEL32(?), ref: 10004CE9
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction ID: e9462fca6475a47527a0efb2162308b675d690d25f987c342e101ac0edc25ee6
        • Opcode Fuzzy Hash: d099f99915955d1aacd17adb9ff94ec41fe38e7841bde14b6a707195eeb47f9b
        • Instruction Fuzzy Hash: 0E11B2B27003149BE320EB69DC84A6BB3E8EB492A1B000A3FEA05C3550DA71E814C7A5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • memmove.MSVCR100 ref: 1000753B
        • _Strxfrm.MSVCP100(?,?,?,00000001,00000007,40B6422C), ref: 10007636
        • ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,40B6422C), ref: 10007664
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,40B6422C), ref: 1000766F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: StrxfrmXlength_error@std@@Xout_of_range@std@@memmove
        • String ID: invalid string position$string too long
        • API String ID: 2621357903-4289949731
        • Opcode ID: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction ID: 4076ebeaf7b4ea5f75a7c51f2ac2ca95efe769eca1f6dea220943d28c0ed8571
        • Opcode Fuzzy Hash: 34d4198dc8431939bb45e680915ffe721b9f06b44aad846e9262a4fbbaa511ce
        • Instruction Fuzzy Hash: 9C519330B04A409BF724CE6CCC84B5AB7F6FB41691F210A1DE45B87689D7B9E8418791
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegisterServiceCtrlHandlerW.ADVAPI32(MSIServer,Function_000085A0), ref: 00547E2A
        • GetLastError.KERNEL32 ref: 00547E39
          • Part of subcall function 005459F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00545A12
          • Part of subcall function 005459F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00545A8A
          • Part of subcall function 005459F2: RegCloseKey.ADVAPI32(?), ref: 00545AAA
          • Part of subcall function 005459F2: GlobalFree.KERNEL32(?), ref: 00545ABF
          • Part of subcall function 005459F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00545B14
          • Part of subcall function 005459F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00545B35
          • Part of subcall function 005459F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00545B3C
          • Part of subcall function 005459F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00545B59
          • Part of subcall function 005459F2: RegCloseKey.ADVAPI32(?), ref: 00545B65
        • CreateThread.KERNEL32(00000000,00000000,Function_00007EB0,00000000,00000000,0054C6A8), ref: 00547E72
        • GetLastError.KERNEL32(00007530), ref: 00547E80
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: ErrorLastValue$CloseCreate$CtrlFreeGlobalHandlerQueryRegisterServiceThreadlstrlen
        • String ID: MSIServer$RegisterServiceCtrlHandler failed.
        • API String ID: 1878216277-870239898
        • Opcode ID: 5d6e80c7cfac9ea5e78c8246960fb5ed753ad333e32673f1a5114247cad739c7
        • Instruction ID: 17b287dd3b5553a80201e9dc88c9ea55c52f54d26c7f94aa29db24f7716c131c
        • Opcode Fuzzy Hash: 5d6e80c7cfac9ea5e78c8246960fb5ed753ad333e32673f1a5114247cad739c7
        • Instruction Fuzzy Hash: CE012639645621ABC3206776AC0DDEB2EACFFEA76DB000641B90CD2190E760CC05D2B0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,000000FF,10016034,?,?,?,?,?,10010B11,000000FF), ref: 0309078F
        • SetLastError.KERNEL32(00000000,?,?,?,?,?,10010B11,000000FF), ref: 0309079D
        • CancelWaitableTimer.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 030907B0
        • CloseHandle.KERNEL32(?,?,?,?,?,?,10010B11,000000FF), ref: 030907ED
        • RtlDeleteCriticalSection.NTDLL(?), ref: 030908DD
          • Part of subcall function 03085B64: GetCurrentThreadId.KERNEL32 ref: 03085B69
          • Part of subcall function 03085B64: send.WS2_32(?,1001242C,00000010,00000000), ref: 03085BCA
          • Part of subcall function 03085B64: SetEvent.KERNEL32(?), ref: 03085BED
          • Part of subcall function 03085B64: InterlockedExchange.KERNEL32(?,00000000), ref: 03085BF9
          • Part of subcall function 03085B64: WSACloseEvent.WS2_32(?), ref: 03085C07
          • Part of subcall function 03085B64: shutdown.WS2_32(?,00000001), ref: 03085C1F
          • Part of subcall function 03085B64: closesocket.WS2_32(?), ref: 03085C29
        • RtlDeleteCriticalSection.NTDLL(?), ref: 030908E7
        • RtlDeleteCriticalSection.NTDLL(?), ref: 0309096E
        • CloseHandle.KERNEL32(?), ref: 030909AD
          • Part of subcall function 03083164: RtlDeleteCriticalSection.NTDLL(00000000), ref: 03083185
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalDeleteSection$Close$EventHandle$CancelCurrentErrorExchangeInterlockedLastObjectSingleThreadTimerWaitWaitableclosesocketsendshutdown
        • String ID:
        • API String ID: 1398530123-0
        • Opcode ID: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction ID: 21eb62ea20c0b57072927942949c6cf904912ee74b9ab3c91f5d4d3f90da7fd7
        • Opcode Fuzzy Hash: 7c140fe42f14c60f1c6c4ef5b803b3624cbc91968c89cb0684a5b83c5fe10340
        • Instruction Fuzzy Hash: 0671C0B1B02656BBEB54DF78CCC8A9AF7E8FB44310F54462AE528D7250CB34E854CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 03087B08
        • LoadLibraryA.KERNEL32(?), ref: 03087B24
        • GetProcessHeap.KERNEL32(00000000,?,?), ref: 03087B4A
        • RtlReAllocateHeap.NTDLL(00000000), ref: 03087B51
        • GetProcessHeap.KERNEL32(00000000,?), ref: 03087B5B
        • RtlAllocateHeap.NTDLL(00000000), ref: 03087B62
        • GetProcAddress.KERNEL32(00000000,?), ref: 03087BAF
        • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 03087BD2
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Heap$AllocateHugeProcessRead$AddressLibraryLoadProc
        • String ID:
        • API String ID: 2432896279-0
        • Opcode ID: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction ID: eb0542c2e1814304c75d21d29d54dfe6d8dacc2dffd0ef1f440009370e310852
        • Opcode Fuzzy Hash: 27a6050f4078697ea104af1d8962fc467e3ca8d07fd17e9f9755e0960d258625
        • Instruction Fuzzy Hash: 2041807560121A9FD710DF6CCC84B6AB7EAFF48719F248569E989D3351DB30E811CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • socket.WS2_32(00000002,00000002,00000011), ref: 03085363
        • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 0308539C
        • WSACreateEvent.WS2_32 ref: 030853CE
        • gethostbyname.WS2_32(?), ref: 030853D8
        • htons.WS2_32(?), ref: 030853F1
        • WSAEventSelect.WS2_32(?,?,00000030), ref: 0308540F
        • connect.WS2_32(?,?,00000010), ref: 03085424
        • WSAGetLastError.WS2_32(?,?,?,?,10016A3C), ref: 03085433
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
        • String ID:
        • API String ID: 603330298-0
        • Opcode ID: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction ID: 8148e16dbe962fb2194196363f57e4af76c82947615cc5d463d89db0eee5dae2
        • Opcode Fuzzy Hash: 2f6170fe7793fae40d8c475a32346895c8d732e0baf593229f567ff413673a7c
        • Instruction Fuzzy Hash: 2B315CB5A00305AFE714DFA4CC85EBFB7B9FB48710F104A19F622972D0DA74DA008B50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 03085B69
        • SetLastError.KERNEL32(0000139F,?,100120A0,0308528C), ref: 03085C58
          • Part of subcall function 030847A4: SwitchToThread.KERNEL32 ref: 030847CE
        • send.WS2_32(?,1001242C,00000010,00000000), ref: 03085BCA
        • SetEvent.KERNEL32(?), ref: 03085BED
        • InterlockedExchange.KERNEL32(?,00000000), ref: 03085BF9
        • WSACloseEvent.WS2_32(?), ref: 03085C07
        • shutdown.WS2_32(?,00000001), ref: 03085C1F
        • closesocket.WS2_32(?), ref: 03085C29
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLastSwitchclosesocketsendshutdown
        • String ID:
        • API String ID: 518013673-0
        • Opcode ID: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction ID: 4f6d93e91d4bf11a8192bd07c6fec362a93dbd67f7cc80739940a77630fc09a5
        • Opcode Fuzzy Hash: 2c0984e81233706eda109f7cfdfdb22ddbe137d82158a4053038bec4a53cc121
        • Instruction Fuzzy Hash: C32146B42017109BE734EF68CD88B9BB7F5BB89710F18891CE2828B690D7B9E455CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004074
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004087
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004090
        • ResetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004099
          • Part of subcall function 10001590: HeapFree.KERNEL32(?,00000000,?,?,?,100040A6,?,00000000,10004039,?,7622DFA0,10003688), ref: 100015D0
          • Part of subcall function 10001490: HeapFree.KERNEL32(?,00000000,?,?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014AD
          • Part of subcall function 10001490: free.MSVCR100(?,?,100040B1,?,00000000,10004039,?,7622DFA0,10003688), ref: 100014C9
        • HeapDestroy.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 100040B9
        • HeapCreate.KERNEL32(?,?,?,?,00000000,10004039,?,7622DFA0,10003688), ref: 100040D4
        • SetEvent.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004150
        • LeaveCriticalSection.KERNEL32(?,?,00000000,10004039,?,7622DFA0,10003688), ref: 10004157
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeavefree
        • String ID:
        • API String ID: 2266972149-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: abe02a8f5fd2b185b55b8b2198ceb9a02868102944284aaa097629f2161f4b01
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: F33134B0200A02EFE709DF24CC88B96F7A8FF48351F118249E52987265DB74F861CBE0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP100(40B6422C,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 100079B6
        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP100(00000000,40B6422C,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A13
        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP100(?,00000000,00000000,40B6422C,00000000,00000000,00000000,6CF8D4A2,?,00000000,00000000), ref: 10007A40
        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP100(00000004,00000000,?,00000000,00000000), ref: 10007A7D
        • ?uncaught_exception@std@@YA_NXZ.MSVCP100(?,00000000,00000000), ref: 10007A8A
        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP100(?,00000000,00000000), ref: 10007A99
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
        • String ID:
        • API String ID: 753523128-0
        • Opcode ID: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction ID: 6cc8fedeefd2348cc42fc3f1d62d83d76153cefba0934ff24fd3dbbcdc4eaf8e
        • Opcode Fuzzy Hash: be2200ccc34709df936555c286a4e6f41352b9245c3659b205c52e8aa45236c4
        • Instruction Fuzzy Hash: 4B71BC74A00605CFEB10CFA8C984A9EBBF1FF893A4F218258D95997395C735EE01CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 10003883
        • SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 100038C4
        • WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 10003931
        • GetCurrentThreadId.KERNEL32 ref: 1000395C
        • GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 100039F4
        • SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 10003A22
        • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 10003A39
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
        • String ID:
        • API String ID: 3058130114-0
        • Opcode ID: 386561f154579a46c4047c4727005d010c28f2c953f1c25df01f3792f9f1ed68
        • Instruction ID: c9627e5440d77a1ecd41674840b08fbe8c8887cffa4f546fa8e64da710b09f17
        • Opcode Fuzzy Hash: 386561f154579a46c4047c4727005d010c28f2c953f1c25df01f3792f9f1ed68
        • Instruction Fuzzy Hash: 6D518EB46007029BF762CF64C981B9BB7E8FF05794F118519E996DB289EBB0F940CB41
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: lstrlen
        • String ID: MSIINSTANCEGUID=
        • API String ID: 1659193697-2015669138
        • Opcode ID: b58d064aedcb8878ac33e608f5ce8653656a364dcafa0dbd300234aff8c83a16
        • Instruction ID: 7a681f419f8d8e71bd000dbdbbc65b96b554176f7f631c36fef349b8020f5073
        • Opcode Fuzzy Hash: b58d064aedcb8878ac33e608f5ce8653656a364dcafa0dbd300234aff8c83a16
        • Instruction Fuzzy Hash: 3141C279A002249BDB109B74EC4DBEE7FB9BB9531DF040164EA19A3250EB34DD49DB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleExW.KERNEL32(00000000,Msi.dll,00000000,00000000,?,?,00543B73), ref: 00545C06
        • GetProcAddress.KERNEL32(00000000,QueryInstanceCount), ref: 00545C18
        • FreeLibrary.KERNEL32(00000000,?,?,00543B73), ref: 00545C35
        • FreeLibrary.KERNEL32(00000000,?,?,00543B73), ref: 00545C42
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: FreeLibrary$AddressHandleModuleProc
        • String ID: Msi.dll$QueryInstanceCount
        • API String ID: 1227796897-1207408768
        • Opcode ID: 87956708df4e0a1b96ffa5d238b654ff9f849f019d1a6616fa3ecddf0dfbbe8d
        • Instruction ID: 56845fac43b0bd38c46570c7cc685588c8ad2de71ef3d34adab00f811294ba77
        • Opcode Fuzzy Hash: 87956708df4e0a1b96ffa5d238b654ff9f849f019d1a6616fa3ecddf0dfbbe8d
        • Instruction Fuzzy Hash: 0AF05E35A51618FBDB116B61DD09ADE7EB9FF1674EF100560E802E1060EB74CE04FA78
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: lstrlen
        • String ID: PECMS$PackageCode$REINSTALL=ALL REINSTALLMODE=%s$rpoedcamusv
        • API String ID: 1659193697-1647986965
        • Opcode ID: 8ae6aa5cfcdcb430a6a977aa8a4292bfdb243a5417e3821d1e5f230053ab34ef
        • Instruction ID: 29fb10892669ab11e0660443bfec6b4f77dfe414989ea06e4177025b35b9402f
        • Opcode Fuzzy Hash: 8ae6aa5cfcdcb430a6a977aa8a4292bfdb243a5417e3821d1e5f230053ab34ef
        • Instruction Fuzzy Hash: 4861E5766087429BD730DA64D859BEB7BE8FB9431CF10482AF985C7181FBB0D908D681
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 03086ACE
        • WSASetLastError.WS2_32(0000139F), ref: 03086AE6
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03086AF0
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeave
        • String ID:
        • API String ID: 4082018349-0
        • Opcode ID: 04e2ff4b7ecd456b9c78cffbac91a2c270c552a68ca90944bf69f9b07b301b9f
        • Instruction ID: e473cedef5bacc76bf208e57dfbc01ab8aef6dba2bb437017e6eca2fffa485b0
        • Opcode Fuzzy Hash: 04e2ff4b7ecd456b9c78cffbac91a2c270c552a68ca90944bf69f9b07b301b9f
        • Instruction Fuzzy Hash: 0E31AFB6605748ABD710EF98DC85F6AB3E8FB88714F00856AFA55C7780E736E850CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ??2@YAPAXI@Z.MSVCR100 ref: 10009CCD
        • ??0_Locinfo@std@@QAE@PBD@Z.MSVCP100(00000000), ref: 10009D04
        • ??0facet@locale@std@@IAE@I@Z.MSVCP100(00000000), ref: 10009D1F
        • ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ.MSVCP100(?), ref: 10009D34
        • ??1_Locinfo@std@@QAE@XZ.MSVCP100 ref: 10009D63
        • ??3@YAXPAX@Z.MSVCR100 ref: 10009D78
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Locinfo@std@@$??0_??0facet@locale@std@@??1_??2@??3@Collvec@@Getcoll@_
        • String ID:
        • API String ID: 672040072-0
        • Opcode ID: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction ID: 6d38864b3604a543645cb332f0b654c4168c02bc5c0d4398eb4a7e5563f7d8da
        • Opcode Fuzzy Hash: a31780d3c509027a6b86d559931b4f8f8c7ba201d55ae9c0116a9f9b7fe3f546
        • Instruction Fuzzy Hash: C0314AB1D40219EFEB10CFA8D884B9EBBF4FF48350F10812AE916A7391DB759945CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0054878A: GlobalAlloc.KERNEL32(00000040,00000000,00000000,00000001,00000000,?,00545E28,00000100), ref: 005487A2
          • Part of subcall function 0054878A: GlobalFree.KERNEL32(?), ref: 005487C0
        • GetModuleFileNameW.KERNEL32(?,00000104,00000104,?,?,00001388,?,0054A2B0,000000A8,00546E7E,00000000,00000000,?), ref: 00544457
        • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,0054A2B0,000000A8,00546E7E,00000000,00000000,?), ref: 005444E0
        • GlobalFree.KERNEL32(?), ref: 0054450F
        • GlobalFree.KERNEL32(?), ref: 00544590
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Global$Free$Alloc$FileModuleName
        • String ID: %d.%d.%.4d.%d
        • API String ID: 906160587-3399825337
        • Opcode ID: b5d1069393ae89dda88e63e26533de32c2cd2c9230f43a94527333cd37dacbba
        • Instruction ID: 86cc145982d541d1220652bfe174bdf7ae30c1d1bf3d0e26d71203977d078043
        • Opcode Fuzzy Hash: b5d1069393ae89dda88e63e26533de32c2cd2c9230f43a94527333cd37dacbba
        • Instruction Fuzzy Hash: CA7157B5A402289FDF20CB64CC49BEEBBB9FF45314F1041A9A909A3291EB305E84DF11
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 03087726
        • RegSetValueExA.ADVAPI32(?,10012554,00000000,00000001), ref: 0308774E
        • RegCloseKey.ADVAPI32(?), ref: 03087758
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1818849710-2058306683
        • Opcode ID: b15f36b06cf252665414ba7193a4e9c211dfddb7d97f155871b61ca86fdeac6f
        • Instruction ID: aaf08c0b69a74c70f803a368b461875dc977c6ec4d5a1b14afb9941e160dfdcf
        • Opcode Fuzzy Hash: b15f36b06cf252665414ba7193a4e9c211dfddb7d97f155871b61ca86fdeac6f
        • Instruction Fuzzy Hash: E231CF6B94F2805EF34287285CD55D97F50BA6F230FAF01EAD2C25B0A3E194E64B8371
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: free
        • String ID:
        • API String ID: 1294909896-0
        • Opcode ID: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction ID: 2248d53c8ad73fefe2d8a0af2be52691c1fe3b42b9fa1e3d89f408cd27c27365
        • Opcode Fuzzy Hash: a63082025186e3b9da3d0a4e5961e37a0112c042459c006050c20ed51d391410
        • Instruction Fuzzy Hash: CE512671A016118FE711CF18C894B997BE6FF49384F16C0A5D809AB269C731ED14CBE2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(vector<T> too long,40B6422C,?,00000000,?,10008EF2), ref: 1000C89C
        • memmove.MSVCR100 ref: 1000C8F5
        • memmove.MSVCR100 ref: 1000C91C
        • ??3@YAXPAX@Z.MSVCR100 ref: 1000C933
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: memmove$??3@Xlength_error@std@@
        • String ID: vector<T> too long
        • API String ID: 2515916401-3788999226
        • Opcode ID: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction ID: e501c6923f54ba89ccdbd2f59e3d5b1f9b8150dd06615e252722541e9c4b1898
        • Opcode Fuzzy Hash: 52216f26f689d9ccb64bc7376d67fb9a1ad3a9b4396c9ce62a2b90e95e6ce4ef
        • Instruction Fuzzy Hash: 5F41B3B5A003089FDB18CF68CC99E6FB7B5FB88350F11862DE81693784DB31A904CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: bf7e846e527143e72d96ce0d85308407f862d8ba0a6fac12cf0294eda5df4f11
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 6B31A2B1640300ABF750CF68DC85F6B77EAEF88795F144159FA48CB346E6B1E9008B91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExA.KERNEL32(?), ref: 005491E4
        • GetProcAddress.KERNEL32(?,?), ref: 0054924F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: $
        • API String ID: 2574300362-3993045852
        • Opcode ID: 0376a897d26c597c7fd6ff1c4edf2903be3a7732ceec072d146136a46eb11256
        • Instruction ID: f715d3fa13cb5d580628ca99b7c7a7368eb5f04ef21a290533c52932bb888faa
        • Opcode Fuzzy Hash: 0376a897d26c597c7fd6ff1c4edf2903be3a7732ceec072d146136a46eb11256
        • Instruction Fuzzy Hash: A8316E79A04215AFCB11CFA9C845AEFBFB5FF89718F148059E808E7250E7709D05DB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 03086DBA
        • RegCloseKey.ADVAPI32(?), ref: 03086E8F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseCreate
        • String ID: BITS$Host$SYSTEM\Setup
        • API String ID: 2932200918-2174744495
        • Opcode ID: 73c721a499a5fe2d10a3c1e7f38b20dad448caaf347183109bef55fe409992c5
        • Instruction ID: 35d71725086c99a18b784f3c3266c99096930350ccf7c6aff5a9bed727fc2a03
        • Opcode Fuzzy Hash: 73c721a499a5fe2d10a3c1e7f38b20dad448caaf347183109bef55fe409992c5
        • Instruction Fuzzy Hash: 2731737150161EABEF25EB64CC98FEAB7B9EB48300F0441D5E608AB150DB71AA85CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(0054C838,?,?,?,00543C1E,00000000,00000000), ref: 00543C31
        • SetServiceStatus.ADVAPI32(0054C850,?,?,?,00543C1E,00000000,00000000), ref: 00543CC0
        • GetLastError.KERNEL32(?,?,?,00543C1E,00000000,00000000), ref: 00543CCC
        • LeaveCriticalSection.KERNEL32(0054C838,?,?,?,00543C1E,00000000,00000000), ref: 00543CDF
        Strings
        • SetServiceStatus failed., xrefs: 00543CD4
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterErrorLastLeaveServiceStatus
        • String ID: SetServiceStatus failed.
        • API String ID: 427148986-1344523210
        • Opcode ID: 3cf773e95674f4f3edf8653eb239ccaa619bbccc8b16cb56a6a6b2cee00f8305
        • Instruction ID: 8fe107885babbb10f2105d4dad4e377dd3186d27163a1c688f4f73974f28f509
        • Opcode Fuzzy Hash: 3cf773e95674f4f3edf8653eb239ccaa619bbccc8b16cb56a6a6b2cee00f8305
        • Instruction Fuzzy Hash: 2E115E3A902255DBD7509F29EC887D97FE4FBE675DF00402AE809A3230D7708D48EB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A,?,00548B8F,?,?), ref: 00548AE8
        • LoadLibraryW.KERNEL32(COMCTL32,00548B8F,?,?), ref: 00548B10
        • GetProcAddress.KERNEL32(?,InitCommonControlsEx), ref: 00548B2E
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProcSleep
        • String ID: COMCTL32$InitCommonControlsEx
        • API String ID: 188063004-472741233
        • Opcode ID: 322575ac5aa4bb4a19b12fa1197ab9767212031235b3f72d0268712f8ec86241
        • Instruction ID: 92942c33cdafa58453a574c1733d518bdddfd14e96d83c0a66d3c69ab85124a8
        • Opcode Fuzzy Hash: 322575ac5aa4bb4a19b12fa1197ab9767212031235b3f72d0268712f8ec86241
        • Instruction Fuzzy Hash: BCF04F79A412828AD7569735AC0CBEA3EF4FBB634DF040432D804C6260EF74C409EB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 03087726
        • RegSetValueExA.ADVAPI32(?,10012554,00000000,00000001), ref: 0308774E
        • RegCloseKey.ADVAPI32(?), ref: 03087758
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: Host$SYSTEM\Setup
        • API String ID: 1818849710-2058306683
        • Opcode ID: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction ID: 83bb250a1243e792e86c0dca34c26213c4363af6435a2e40b799d3cd3af16aea
        • Opcode Fuzzy Hash: 5245e823e06181a48ac4fccda076b79285e5b0fdbcc7a09f940e209ead4a6699
        • Instruction Fuzzy Hash: F3F0E5B4200218FBE711DF648C98FBB7B6EEB45701F208284FD4597201DA31DA24D7A0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegCreateKeyA.ADVAPI32(80000002,1001253C,?), ref: 03087776
        • RegSetValueExA.ADVAPI32(?,1001254C,00000000,00000001), ref: 0308779E
        • RegCloseKey.ADVAPI32(?), ref: 030877A8
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseCreateValue
        • String ID: BITS$SYSTEM\Setup
        • API String ID: 1818849710-3074452007
        • Opcode ID: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction ID: dd8604c52bc82a70ea1dd3a4c08080512396bfb65e79418f7056c41ba1d3da47
        • Opcode Fuzzy Hash: 32e98433b4f1e4ce03c4c961134eba778f5f87229a2581da8debd79e4deb90d7
        • Instruction Fuzzy Hash: 17F0E5B4200218FBE711DB648C9CFBBBBAEDB45701F208284FD4597202DA31DA24DBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVersion.KERNEL32(00546E67,?), ref: 005463A0
        • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 005463B3
        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 005463C4
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressHandleModuleProcVersion
        • String ID: HeapSetInformation$Kernel32.dll
        • API String ID: 3310240892-3460614246
        • Opcode ID: b652e44a37d1fc96da1d7a66295b7c79d70e37bc6d8fe4a34c4140d7b0370833
        • Instruction ID: 7c1cb7cb8196ee003302160da68faaf6fcf47b5d7a669bad6c6232ba982c9058
        • Opcode Fuzzy Hash: b652e44a37d1fc96da1d7a66295b7c79d70e37bc6d8fe4a34c4140d7b0370833
        • Instruction Fuzzy Hash: D7E08C347412616BDA645F72EC8CBEB7E6DFB13B8E7004811BC01E3190DA60CC4196B5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C516
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000025,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C532
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000001,?,?,?,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C56A
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C58F
        • ?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z.MSVCP100(00000000,0000005E,?,?,?,?,1000BC7E,?,?,?,1000B2B0,?,?), ref: 1000C5B2
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: W4error_type@regex_constants@12@@Xbad@tr1@std@@
        • String ID:
        • API String ID: 2760534091-0
        • Opcode ID: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction ID: 2adda53bfecaf5693144e3649aac370d2f11c3849cca496122a0097df8de87c8
        • Opcode Fuzzy Hash: 64f2b2c312eacd87e385498825d7c9912e1081b5f3d7e8fba066ed053639d760
        • Instruction Fuzzy Hash: D741FF79500B898FF730CB24CC95F6677E6EB413D6F620929E6C68259AC375BC808741
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • recv.WS2_32(?,?,00000598,00000000), ref: 030858C3
        • SetLastError.KERNEL32(00000000,?,00000001,?,030856DB), ref: 030858FE
        • GetLastError.KERNEL32 ref: 03085949
        • WSAGetLastError.WS2_32(?,00000001,?,030856DB), ref: 0308597F
        • WSASetLastError.WS2_32(0000000D,?,00000001,?,030856DB), ref: 030859A6
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$recv
        • String ID:
        • API String ID: 316788870-0
        • Opcode ID: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction ID: 6ac1a305888eb244b8af089145a6bf36f127ebef0c01a8f2a6f85c2350a307a0
        • Opcode Fuzzy Hash: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction Fuzzy Hash: 543123766022008FEB54EF28CCC87A937A9EB86330F140566ED89CF295D631D8818B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • recv.WS2_32(?,?,00000598,00000000), ref: 10003CBF
        • SetLastError.KERNEL32(00000000,?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003CFA
        • GetLastError.KERNEL32(00000000), ref: 10003D45
        • WSAGetLastError.WS2_32(?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003D7B
        • WSASetLastError.WS2_32(0000000D,?,?,1000399F,?,?,00000000,000000FF,00000000), ref: 10003DA2
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$recv
        • String ID:
        • API String ID: 316788870-0
        • Opcode ID: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction ID: 1e9f8830d608a5492e91579f2a071d5048403b8d015cb3fd95501c97ae0d1e16
        • Opcode Fuzzy Hash: 9992c0720d1051483c777d1ae4c005d465b120c6c904fad9613a8cf11c031480
        • Instruction Fuzzy Hash: 7631ADB26042508FFB51DF68E8C4B5B77ADFB843A0F118166ED05DB29AD771E8808B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(?), ref: 03085C78
          • Part of subcall function 03083094: HeapFree.KERNEL32(?,00000000,?,?,?,03085CB5,?,00000000,03085C3D,?,100120A0,0308528C), ref: 030830B1
        • HeapDestroy.KERNEL32(?,?,00000000,03085C3D,?,100120A0,0308528C), ref: 03085CBD
        • HeapCreate.KERNEL32(?,?,?,?,00000000,03085C3D,?,100120A0,0308528C), ref: 03085CD8
        • SetEvent.KERNEL32(?,?,00000000,03085C3D,?,100120A0,0308528C), ref: 03085D54
        • RtlLeaveCriticalSection.NTDLL(?), ref: 03085D5B
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave
        • String ID:
        • API String ID: 563679510-0
        • Opcode ID: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction ID: 067b9bf010ee7cf129cf8b287bf399d2b54d2baa8c9df9c7e1001b27fa91d9c8
        • Opcode Fuzzy Hash: d810d82017d04e745bcc865961b86a46bf093854d66d10a17b6dad04ae550a49
        • Instruction Fuzzy Hash: 99315A74201A02EFD745EB78CC88B95F7A8FF89310F148259E5698B260DB35F815CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 030910DC
        • GetThreadDesktop.USER32(00000000), ref: 030910E3
        • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 03091110
        • SetThreadDesktop.USER32(00000000), ref: 03091123
        • CloseDesktop.USER32(00000000), ref: 0309112E
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: DesktopThread$CloseCurrentInformationObjectUser
        • String ID:
        • API String ID: 2068333509-0
        • Opcode ID: b8ea157c4fc550160d34ef1a493cf333ab379efc9c544d18612d2f6c54bf6db2
        • Instruction ID: 9b146f6e5283bbd38ce7008ad5183a3349f39641871aad12a370ff74c5c27e28
        • Opcode Fuzzy Hash: b8ea157c4fc550160d34ef1a493cf333ab379efc9c544d18612d2f6c54bf6db2
        • Instruction Fuzzy Hash: 4A1198B1A01219BFEB25DFA4CC85BEFBBB8FB48710F00826AE515D7290DB749950CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 1000F4D8
        • GetThreadDesktop.USER32(00000000), ref: 1000F4DF
        • GetUserObjectInformationA.USER32(00000000,00000002,?,00000100,?), ref: 1000F50C
        • SetThreadDesktop.USER32(00000000), ref: 1000F51F
        • CloseDesktop.USER32(00000000), ref: 1000F52A
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: DesktopThread$CloseCurrentInformationObjectUser
        • String ID:
        • API String ID: 2068333509-0
        • Opcode ID: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction ID: e3654efe5a9c41a35c8fe53e000b4725a99ad254c1d46276c4c7e896ea0ff50d
        • Opcode Fuzzy Hash: 253944155f6201956c1e83b8b6dea897408004536f59fc550a6185fc402368f7
        • Instruction Fuzzy Hash: 2D1186B1900619AFE725CFA4CC85BEEBBB8FB08751F00426DE605D3280DB74AA51DB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00549E62
        • GetCurrentProcessId.KERNEL32 ref: 00549E71
        • GetCurrentThreadId.KERNEL32 ref: 00549E7A
        • GetTickCount.KERNEL32 ref: 00549E83
        • QueryPerformanceCounter.KERNEL32(?), ref: 00549E98
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
        • String ID:
        • API String ID: 1445889803-0
        • Opcode ID: cd46bf33f67605e8f48de70d6b56e0c4f71c62aa99cc0cf42caf365c183c7297
        • Instruction ID: 3aa44c694dad6e9463eeb43ae424f83c231e94079d8cf7bda5e7aaaf8ee0c131
        • Opcode Fuzzy Hash: cd46bf33f67605e8f48de70d6b56e0c4f71c62aa99cc0cf42caf365c183c7297
        • Instruction Fuzzy Hash: 3E111C75D01208EBCB10DBB8D9496DEBBF5FFA9318F514859D805E7210E7309A14EB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050E3
        • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 100050ED
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005100
        • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 10005103
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction ID: 661dd8d1f1057579fac378a6383bad147ae81678adba66077f2b2364c2a68813
        • Opcode Fuzzy Hash: 05bab39c701c63c8666da4459706d5bc8f0552e2f5b10352ffbcd0d2f63296f1
        • Instruction Fuzzy Hash: 6201A2B62002209FE310EB69ECC4B9BB3E8EB88395F014829E10683210C774EC468BA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 03084A20
        • CancelIo.KERNEL32(?), ref: 03084A2A
        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 03084A33
        • closesocket.WS2_32(?), ref: 03084A3D
        • SetEvent.KERNEL32(00000001), ref: 03084A47
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
        • String ID:
        • API String ID: 1486965892-0
        • Opcode ID: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction ID: c8fa3f5e49d8c3704ed1b9d0636c359bba7bafc1e2b750be19272546dd1d375b
        • Opcode Fuzzy Hash: ef2d365f87cf834f3a9a23f601a3f349cc57bda0173b78ee977a633e507aa730
        • Instruction Fuzzy Hash: 5EF0FFB6100710EFE320DB94CD89F56B7F8FB49B11F108A59FA9697690C6B4F518CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __IsNonwritableInCurrentImage.LIBCMT ref: 00549B4E
        • ?terminate@@YAXXZ.MSVCRT ref: 00549BF7
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: ?terminate@@CurrentImageNonwritable
        • String ID: csm$csm
        • API String ID: 3343398186-3733052814
        • Opcode ID: 6a9889acf25dfb2b24fd4dd77fef20d056bab0eb1d66260eee97a2dd416b2375
        • Instruction ID: 902c6fdfdc78ffebbe49c6e5e931a1d33c453c161348cf4415a449a412bef698
        • Opcode Fuzzy Hash: 6a9889acf25dfb2b24fd4dd77fef20d056bab0eb1d66260eee97a2dd416b2375
        • Instruction Fuzzy Hash: AF51CE34A00219ABCF10DF69D88A9EFBFB5FF84328F148095E8159B296C731DD51CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsCharAlphaNumericW.USER32(?,00000000,00000104,00000000,?,?,?,?,?,00546B65,?,?,?), ref: 0054614F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AlphaCharNumeric
        • String ID: "$Property value is too long.$ekT
        • API String ID: 1535711457-2279607693
        • Opcode ID: 0f5df38ab235194ff3feb3d308022e04e95e5e815adfbe91bf5db945a51b1a05
        • Instruction ID: 24af50ca71542867b1fe1561bcbe4379f331ddccf2a8cac45bcd3740e1f969b0
        • Opcode Fuzzy Hash: 0f5df38ab235194ff3feb3d308022e04e95e5e815adfbe91bf5db945a51b1a05
        • Instruction Fuzzy Hash: 4E41E879E04121ABCB24EF6984447FABBF1FBA9718B648425D8C1E7284F6708D41C351
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(Msi.dll), ref: 00543D10
        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00543D29
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: DllGetClassObject$Msi.dll
        • API String ID: 2574300362-3279299384
        • Opcode ID: 08a583ef6a646933755f382ea740c637cbf1949ad85aafd7237ce246811e9df5
        • Instruction ID: 3f29cbcf1e30a5274e118775ad55473cda7a3d5ffb950a71d96091be90e7133c
        • Opcode Fuzzy Hash: 08a583ef6a646933755f382ea740c637cbf1949ad85aafd7237ce246811e9df5
        • Instruction Fuzzy Hash: 56314B39B10224AFCB04DB69DC44D9EBFB8FF997587014059F806E32A0DB70AE009B60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryW.KERNEL32(Msi.dll,00000000,00000000,?,?,?,005476B2), ref: 00543E19
        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00543E2E
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProc
        • String ID: DllGetClassObject$Msi.dll
        • API String ID: 2574300362-3279299384
        • Opcode ID: 60ed8f2e2921466aed30fff281cf8b284412aa2f97db218321895c89525fb013
        • Instruction ID: 1cda716a5bfecc39a772e520c855aa45b3085880672bb9dc22d9e115ee641530
        • Opcode Fuzzy Hash: 60ed8f2e2921466aed30fff281cf8b284412aa2f97db218321895c89525fb013
        • Instruction Fuzzy Hash: 57114C75A11615AFD704DB55CC44AEE7BBCFB19759F004058F806E3260DA70EE049B60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 00548A77
        • LoadLibraryW.KERNEL32(COMCTL32), ref: 00548AA1
        • GetProcAddress.KERNEL32(?), ref: 00548AC1
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressLibraryLoadProcSleep
        • String ID: COMCTL32
        • API String ID: 188063004-3719691325
        • Opcode ID: 607be0e16e908bb9aaeb8ee3f7a367c2e1074bf1f6e82ddfe5a85fc7bb7f0ccb
        • Instruction ID: 920e2913ccda542093f8120434f9dd4c9c0351dbdd2299b9aa6ae1970a07ce09
        • Opcode Fuzzy Hash: 607be0e16e908bb9aaeb8ee3f7a367c2e1074bf1f6e82ddfe5a85fc7bb7f0ccb
        • Instruction Fuzzy Hash: 6001B5366052519FD7199B369C196AA3EF5FBD232CF08043EE905C7150EEB0CC04D760
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcessHeap.KERNEL32(00000000,?,00000000,03087D2E), ref: 03087EB2
        • HeapFree.KERNEL32(00000000), ref: 03087EB9
        • VirtualFree.KERNEL32(?,00000000,00008000,03087D2E), ref: 03087ECF
        • GetProcessHeap.KERNEL32(00000000,00000000,03087D2E), ref: 03087ED8
        • HeapFree.KERNEL32(00000000), ref: 03087EDF
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Heap$Free$Process$Virtual
        • String ID:
        • API String ID: 1594822054-0
        • Opcode ID: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction ID: 9def8725eea40df53c263092772abb7f202bfb98d821b5177e9630412d597e0b
        • Opcode Fuzzy Hash: 3a44374d6a47a046448e27415888fdc958982d6d1315f3644ef4592ea41d9fe0
        • Instruction Fuzzy Hash: 0A11EC71601610EFE671DF65CC88B57B7E9AF89B11F248918E196865A4C774E841CB20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,10016034,?,?,?,?,00000000,10010C3B,000000FF,?,0308F683), ref: 03090CF7
        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,00000000,10010C3B,000000FF,?,0308F683), ref: 03090D96
          • Part of subcall function 03083164: RtlDeleteCriticalSection.NTDLL(00000000), ref: 03083185
        • InterlockedExchange.KERNEL32(?,00000000), ref: 03090F24
        • timeGetTime.WINMM(?,?,00000000,10010C3B,000000FF,?,0308F683), ref: 03090F2A
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$CountCreateDeleteEventExchangeInitializeInterlockedSpinTimetime
        • String ID:
        • API String ID: 106064292-0
        • Opcode ID: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction ID: c71af5447f2a099fcadb4b66f02a3c9488ec66b7a7cdea6567ee67d80167d867
        • Opcode Fuzzy Hash: 5f0741b285fe4d152f44681ae2b848d33e4909aebaf77bf485f7c7d38ecdd14b
        • Instruction Fuzzy Hash: 9181D6B0A01A46BFE744DF7AC8C4796FBA8FB49304F50822EE12D87640D775A964CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: memcpy
        • String ID: `
        • API String ID: 3510742995-2679148245
        • Opcode ID: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
        • Instruction ID: 4ae7f8bd2b6eb1849d96c740369ee3de6246a9374a1e7035e3d5975be8e2cc37
        • Opcode Fuzzy Hash: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
        • Instruction Fuzzy Hash: 5251D972A00225AFCB24CFA8C8896EABBB5FF49314B154555E918EB381E771EE40C791
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • lstrcmpW.KERNEL32(?,005413CC,?,mewuifsoarpcvxgh!), ref: 00544A83
        • lstrcmpW.KERNEL32(?,005413D0,?,mewuifsoarpcvxgh!), ref: 00544A93
        • lstrcmpW.KERNEL32(?,005413D8,?,mewuifsoarpcvxgh!), ref: 00544AA3
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: lstrcmp
        • String ID: mewuifsoarpcvxgh!
        • API String ID: 1534048567-2729521250
        • Opcode ID: f238a3349f6a3d6a9855ec0b86b9ca083ce0fe7c6b738befaea2aa7bf94f76a6
        • Instruction ID: 03c31f0e2c5bfe40a5f103d40607d90b227f95a7506ad5832e74af562c5d74a8
        • Opcode Fuzzy Hash: f238a3349f6a3d6a9855ec0b86b9ca083ce0fe7c6b738befaea2aa7bf94f76a6
        • Instruction Fuzzy Hash: B041D636BD0215A6DB209F66E885BEEBBB6FF4471CF14402AE901E7290E7708D81DB54
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction ID: 798b52dd1617062516942c0a08fc928f63217bba8ed5fcde2b5ed8bfb8ea217a
        • Opcode Fuzzy Hash: a861f962d0387df3ca6488c8e975b4b2860bca14fd5f84a350aeeeed9ecd9f46
        • Instruction Fuzzy Hash: 7D3196B56013046BE760EF68CC81F7A77E9EF88B14F144599FA48CB245E6B1E8018B95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,0054A2B0,000000A8,00546E7E,00000000,00000000,?), ref: 005444E0
        • GlobalFree.KERNEL32(?), ref: 0054450F
        • GlobalFree.KERNEL32(?), ref: 00544590
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Global$Free$Alloc
        • String ID: %d.%d.%.4d.%d
        • API String ID: 1780285237-3399825337
        • Opcode ID: cced87420dc174aba9560bf1ceed1c75e6a811a5c62421b9026ebaafb372d63d
        • Instruction ID: aabad7197d222acc967c06d2f39bd3b77e3496fc17f57dbde8833206de1494de
        • Opcode Fuzzy Hash: cced87420dc174aba9560bf1ceed1c75e6a811a5c62421b9026ebaafb372d63d
        • Instruction Fuzzy Hash: 954159B5E402289FDF20CB64CD49BEEBBB9FB44354F2045A9E509A3291EB305E94CF10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0308F94E
        • Thread32First.KERNEL32(00000000,?), ref: 0308F965
        • Thread32Next.KERNEL32(00000000,0000001C), ref: 0308FA46
        • CloseHandle.KERNEL32(00000000), ref: 0308FA55
        • OpenProcess.KERNEL32(00000401,00000000,00000000,?,?,00000000), ref: 0308FAC1
        • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 0308FADE
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012680,?), ref: 0308FB9D
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012698,?), ref: 0308FBDC
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126A8,?), ref: 0308FC1B
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126C0,?), ref: 0308FC5A
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126D8,?), ref: 0308FC99
        • LookupPrivilegeValueA.ADVAPI32(00000000,100126EC,?), ref: 0308FCD8
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012700,?), ref: 0308FD17
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012714,?), ref: 0308FD56
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012734,?), ref: 0308FD95
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012750,?), ref: 0308FDD4
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001276C,?), ref: 0308FE13
        • LookupPrivilegeValueA.ADVAPI32(00000000,10012658,?), ref: 0308FE52
        • LookupPrivilegeValueA.ADVAPI32(00000000,1001278C,?), ref: 0308FE91
        • GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 0308FEE1
        • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008,?,?,00000000), ref: 0308FEF5
        • PostThreadMessageA.USER32(?,00000012,00000000,00000000), ref: 0308FF23
        • TerminateProcess.KERNEL32(?,00000000,00000000), ref: 0308FF40
        • CloseHandle.KERNEL32(?), ref: 0308FF5E
        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0308FF79
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: LookupPrivilegeValue$CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthMessageNextPostSnapshotTerminateThreadToolhelp32
        • String ID:
        • API String ID: 1747700738-0
        • Opcode ID: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction ID: ba27e3c3e4aa2aed8ef354f5d61a760ec79e7dcdab9a98c087f49f9657b071c6
        • Opcode Fuzzy Hash: 416799965fa07d6ecf9db15f010c6823b739d03ad05ebd79689af44d1f440f50
        • Instruction Fuzzy Hash: F131A971A01206EFDB14EF78D9849AEB7F9FB48714F148A2EE896D7240E770A941CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • timeGetTime.WINMM ref: 03086052
        • InterlockedExchange.KERNEL32(?,00000000), ref: 03086061
        • WaitForSingleObject.KERNEL32(?,00001770), ref: 030860AF
          • Part of subcall function 03085B64: GetCurrentThreadId.KERNEL32 ref: 03085B69
          • Part of subcall function 03085B64: send.WS2_32(?,1001242C,00000010,00000000), ref: 03085BCA
          • Part of subcall function 03085B64: SetEvent.KERNEL32(?), ref: 03085BED
          • Part of subcall function 03085B64: InterlockedExchange.KERNEL32(?,00000000), ref: 03085BF9
          • Part of subcall function 03085B64: WSACloseEvent.WS2_32(?), ref: 03085C07
          • Part of subcall function 03085B64: shutdown.WS2_32(?,00000001), ref: 03085C1F
          • Part of subcall function 03085B64: closesocket.WS2_32(?), ref: 03085C29
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: EventExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
        • String ID:
        • API String ID: 4080316033-0
        • Opcode ID: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction ID: d00db611ae3067294e178a5d656831cc4d9a27da8af7e2ad835ea0aed91dbc23
        • Opcode Fuzzy Hash: e50d0a99731e0e817939e94301644fdaa9739f40bbbe743b46ce5f21150e76e5
        • Instruction Fuzzy Hash: F8318FB6600714ABD620EF69DC84B97B3E8FF89710F004A0EE68AC7650D772E404CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Decref@facet@locale@std@@QAEPAV123@XZ.MSVCP100(40B6422C,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000,00000000), ref: 1000AD5A
        • ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP100(6CF90A41,40B6422C,00000000,?,00000000,?,10010928,000000FF,?,1000B858,?,?,?,?,1000ABBA,00000000), ref: 1000AD77
        • realloc.MSVCR100 ref: 1000ADA8
        • ?_Xmem@tr1@std@@YAXXZ.MSVCP100(00000000,10009965,?,?,?,10007D4F,?), ref: 1000ADB7
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: ?tolower@?$ctype@D@std@@Decref@facet@locale@std@@V123@Xmem@tr1@std@@realloc
        • String ID:
        • API String ID: 614970593-0
        • Opcode ID: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction ID: abf21dcca5e923101b205a66e10338edcc38fb522e78509ca6ecd785a8d20c3f
        • Opcode Fuzzy Hash: 62628369e6a2854aa2d3bfe35e2bf5f4c7cba9e8de91bb3c7256239f6b174587
        • Instruction Fuzzy Hash: C9317C79600604AFE720CF55C880B5AB7F5FF493A1F00865AED568B795C730E945CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000139F), ref: 03085FF0
          • Part of subcall function 03082EC4: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 03082EEF
          • Part of subcall function 03085DE4: RtlEnterCriticalSection.NTDLL(030869BF), ref: 03085DEC
          • Part of subcall function 03085DE4: RtlLeaveCriticalSection.NTDLL(030869BF), ref: 03085DFA
          • Part of subcall function 03086674: HeapFree.KERNEL32(?,00000000,?,00000000,0308685F,?,03085ECC,0308685F,00000000,?,100122A8,0308685F,?), ref: 0308669B
        • SetLastError.KERNEL32(00000000,?), ref: 03085FDB
        • SetLastError.KERNEL32(00000057), ref: 03086005
        • WSAGetLastError.WS2_32(?), ref: 03086014
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$CriticalHeapSection$AllocateEnterFreeLeave
        • String ID:
        • API String ID: 2160363220-0
        • Opcode ID: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction ID: aa9119342549967ca46c896cfcbd4b966173d187dbed86698623b32a062635b8
        • Opcode Fuzzy Hash: 768b210b59b67adbaec7a22c9422b2eca50573e3aa61276f749344c0b9931574
        • Instruction Fuzzy Hash: E411CA36A0222C9BDB10FF69EC846DEB7A8EF89221B4845A6FC4CD7201D631CD1186D0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WSAEventSelect.WS2_32(030856BF,00000001,00000023), ref: 03085806
        • WSAGetLastError.WS2_32 ref: 03085811
        • send.WS2_32(00000001,00000000,00000000,00000000), ref: 0308585C
        • WSAGetLastError.WS2_32 ref: 03085867
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: ErrorLast$EventSelectsend
        • String ID:
        • API String ID: 259408233-0
        • Opcode ID: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction ID: dddd8fab9fe3b5fa8c4efd52c692a48d6d78561f6f06e97f1622e69377030e95
        • Opcode Fuzzy Hash: 2833b560e330c2e5355f40b1eefe6bd557c2038ffcaf572886e662d649445041
        • Instruction Fuzzy Hash: 5C115EB56117009BE760EF79CCC8A97B6E9BBC9B10F104A2EE6A6C7690D735E410CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 03087348
        • Process32First.KERNEL32(00000000,00000128), ref: 03087358
        • Process32Next.KERNEL32(00000000,00000128), ref: 03087381
        • CloseHandle.KERNEL32(00000000), ref: 03087394
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
        • String ID:
        • API String ID: 420147892-0
        • Opcode ID: cec46aac5fe3cb61888bab4e576d3b82cca15904472a454a76a8808f448acc43
        • Instruction ID: fc85fcec91721969f7700b7b50cbd428f5a788e0ccb4b3f4c5515932525bd130
        • Opcode Fuzzy Hash: cec46aac5fe3cb61888bab4e576d3b82cca15904472a454a76a8808f448acc43
        • Instruction Fuzzy Hash: F001B575602228AFE711EF608C84AEA77BDEB48740F0441A9E90986140DB70DE14CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlEnterCriticalSection.NTDLL(030869BF), ref: 03085DEC
        • RtlLeaveCriticalSection.NTDLL(030869BF), ref: 03085DFA
        • RtlLeaveCriticalSection.NTDLL(030869BF), ref: 03085E5B
        • SetEvent.KERNEL32(207E8915), ref: 03085E76
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CriticalSection$Leave$EnterEvent
        • String ID:
        • API String ID: 3394196147-0
        • Opcode ID: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction ID: f61d612bef0806921fb2c2fa1ed49a409ff99fda7786dfb3952ef70114ec6d7f
        • Opcode Fuzzy Hash: 8142f39c067e327b17979cc5f9ac469838d307295732668a1bbe15e9547eec94
        • Instruction Fuzzy Hash: 1311D3B1601B00AFD768DF79C984A96BBE9BF5D300F14C86DE59E87221EB30E811CB40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: CloseSleep
        • String ID:
        • API String ID: 2834455192-0
        • Opcode ID: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction ID: 53a22652312244dd428cc87178a91ee10f899d155b6b0cd1c2940fc679551261
        • Opcode Fuzzy Hash: 387dc68117c85aa04588b630e9d4136f2f09bdf975920dd2b0458bb56aba7992
        • Instruction Fuzzy Hash: DF0181B1609311FBF614EBA8CC89E6B7BACEF88304F008509F745961A1D770E824DB66
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001), ref: 1000F455
        • _beginthreadex.MSVCR100 ref: 1000F46F
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000F480
        • CloseHandle.KERNEL32(?), ref: 1000F48A
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
        • String ID:
        • API String ID: 92035984-0
        • Opcode ID: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction ID: 921555b066830f4cb8b2624134c10e9c56a88ef643209a2dd7351a24a6f63f56
        • Opcode Fuzzy Hash: f2c2a9695f5546a3f63724e8abb5d9655f4a66eaf7f50bd55e53ffa92cd2f6d5
        • Instruction Fuzzy Hash: 98F089B1E40314BBE710DBA88C4AF9E7778FB04720F104654F715BB2C0D6B1A6108BD4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00549C98: GetModuleHandleW.KERNEL32(00000000), ref: 00549C9F
        • __set_app_type.MSVCRT ref: 00549292
        • __p__fmode.MSVCRT ref: 005492A8
        • __p__commode.MSVCRT ref: 005492B6
        • __setusermatherr.MSVCRT ref: 005492D7
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
        • String ID:
        • API String ID: 1632413811-0
        • Opcode ID: 46ac8b162e3ee360c94aaa5a9f49e22b0cbd9d80e7a5387ea3aac679442509d1
        • Instruction ID: 9209aef8fc00f3055056acf6c1d7ef21c5da789c01bb0a2babf5df766aaf28f0
        • Opcode Fuzzy Hash: 46ac8b162e3ee360c94aaa5a9f49e22b0cbd9d80e7a5387ea3aac679442509d1
        • Instruction Fuzzy Hash: 99F0F8781453019FC798AB30AC4F6D93F71BBA732EB101619E862862E0DB79844CEE20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • StgOpenStorage.OLE32(?,00000000,00000020,00000000,00000000,?), ref: 00543F75
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: OpenStorage
        • String ID: &
        • API String ID: 222319337-1010288
        • Opcode ID: 4d3b679b5129720c3a6686d46d9ac6575a509e8215df1fe6fff5a9f730e137df
        • Instruction ID: 3be1eb1345a5c362343ebd95030e3e1749006e3743fe249d782fd900c4581bb7
        • Opcode Fuzzy Hash: 4d3b679b5129720c3a6686d46d9ac6575a509e8215df1fe6fff5a9f730e137df
        • Instruction Fuzzy Hash: 4F913A74B50218AFDB14DFA4DD98EAEBBB9FF54318B044428F516E7290DB30AD44CB20
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D4C5
        • memcpy.MSVCR100 ref: 1000D514
          • Part of subcall function 1000D3C0: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000027,10006B8A,?,1000D4B5,?,10006B8A,0000000F,00000000,?,10006B8A,http://whois.pconline.com.cn/ipJson.jsp), ref: 1000D3D7
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@Xout_of_range@std@@memcpy
        • String ID: string too long
        • API String ID: 4248180022-2556327735
        • Opcode ID: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction ID: a4f13ecf0952081fbe41274b609befe9ac74af70a3e0e212672b08d73571d859
        • Opcode Fuzzy Hash: f474f6384972b02d25240f2ff53d87380d29f41a3a2ed4fd07bc1aab7d37eecc
        • Instruction Fuzzy Hash: 8B21A2B67016419BF710EA5DA884A1EF7AAEFE12A5B100527FA01CB645C771ECA0C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000,80000000,00000000), ref: 1000D884
        • memcpy.MSVCR100 ref: 1000D8B2
          • Part of subcall function 1000D550: ?_Xout_of_range@std@@YAXPBD@Z.MSVCP100(invalid string position,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D569
          • Part of subcall function 1000D550: ?_Xlength_error@std@@YAXPBD@Z.MSVCP100(string too long,00000000,?,1000D869,00000000,00000000,?,6F7CAF20,00000000,?,100068D3,?,?,?,00000000,00000000), ref: 1000D588
          • Part of subcall function 1000D550: memcpy.MSVCR100 ref: 1000D5C6
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: Xlength_error@std@@memcpy$Xout_of_range@std@@
        • String ID: string too long
        • API String ID: 433638341-2556327735
        • Opcode ID: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction ID: 703f74e56b5a6ae3f2904c752d3220530fdbcf0c1df187b3632c7513ee2e0c23
        • Opcode Fuzzy Hash: e414b3b8a24fdfc98a6bd7b38fee740cf46b3843d0ae78d047c2e03378a324e1
        • Instruction Fuzzy Hash: 322194767106015BF704EE6DE88092DB3AAFB902A1754822BF91587688DB71EC91C7B1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • gethostname.WS2_32(?,00000100), ref: 0308813C
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4513328393.0000000003080000.00000040.00000400.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_3080000_msiexec.jbxd
        Similarity
        • API ID: gethostname
        • String ID: Host$SYSTEM\Setup
        • API String ID: 144339138-2058306683
        • Opcode ID: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction ID: 8e325e46bfd12eea0546de140e86f19570fb7607d2fe31cb2e557e891d82e86f
        • Opcode Fuzzy Hash: 424bc5d95a55262260841e60f9cc9a6dd0227f9e79109066e2d4e35aad484484
        • Instruction Fuzzy Hash: 11110BB0A422559BEB11EF188C81BAD77BDEF48300F40C0A5E608AB290DB70DA95CF59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 005488D6
        • GetProcAddress.KERNEL32(?), ref: 0054891F
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: OLE32
        • API String ID: 1175476452-2276369563
        • Opcode ID: 6529d5621968268d2d87dca6b10447853558367af56e29b5ce303b59310e898f
        • Instruction ID: 07573aeb5e35eaef5a50da377baddd43121a50a9b0d9603e7903a955212bd3e5
        • Opcode Fuzzy Hash: 6529d5621968268d2d87dca6b10447853558367af56e29b5ce303b59310e898f
        • Instruction Fuzzy Hash: 2401D436A06291ABEB599B359C1A6FA3EF8FBD631CF04043DE845C7290EE60DC04D761
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 00548D70
        • GetProcAddress.KERNEL32(?), ref: 00548DB9
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: KERNEL32
        • API String ID: 1175476452-1217789123
        • Opcode ID: f3310ae97a92e871ef057345d9ef83f95d0d6a87ceebc1067c9670b4ae38b08f
        • Instruction ID: 210fa4377bc64a70b4492b8e536c082fd50bba0d5e2f340e78763b6363fe96c4
        • Opcode Fuzzy Hash: f3310ae97a92e871ef057345d9ef83f95d0d6a87ceebc1067c9670b4ae38b08f
        • Instruction Fuzzy Hash: DB01B135A062909BDB29DB399C1D7EA3EE9FBA631CF08043ED845C7290EF60DC048790
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Sleep.KERNEL32(0000000A), ref: 00548C1F
        • GetProcAddress.KERNEL32(?), ref: 00548C68
        Strings
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: AddressProcSleep
        • String ID: VERSION
        • API String ID: 1175476452-2153328089
        • Opcode ID: 3569c53082cc206b32cf96b27de94d466c7e11e96470471fca95906017f99285
        • Instruction ID: d83bc8e2bfe56f4dc353a44fd104264f4f79dd7822830921ada9acee1529fb3f
        • Opcode Fuzzy Hash: 3569c53082cc206b32cf96b27de94d466c7e11e96470471fca95906017f99285
        • Instruction Fuzzy Hash: E301F5356062519FDB149B358C5D7EA7EE4FBD231CF04003ED445EB150EE60CC048760
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZT,?,00545A48,?,?,?), ref: 00542F8B
        Strings
        • Software\Policies\Microsoft\Windows\Installer, xrefs: 00542F85
        • HZT, xrefs: 00542F7F
        Memory Dump Source
        • Source File: 00000002.00000002.4510101853.0000000000541000.00000020.00000001.01000000.00000005.sdmp, Offset: 00540000, based on PE: true
        • Associated: 00000002.00000002.4509602749.0000000000540000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054D000.00000002.00000001.01000000.00000005.sdmp
        • Associated: 00000002.00000002.4511145251.000000000054F000.00000002.00000001.01000000.00000005.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_540000_msiexec.jbxd
        Similarity
        • API ID: Open
        • String ID: HZT$Software\Policies\Microsoft\Windows\Installer
        • API String ID: 71445658-2073520318
        • Opcode ID: 54809e7b9f3673b98f73d632d697a8923e953929c805cb39d6e6a9bbfc0d05b1
        • Instruction ID: ec9a61f46c1fa654c7297ee15118653e616733f1c8bc75ff4470ae31d75df9b5
        • Opcode Fuzzy Hash: 54809e7b9f3673b98f73d632d697a8923e953929c805cb39d6e6a9bbfc0d05b1
        • Instruction Fuzzy Hash: EFD05E799052987EF7214654AC0EBF27E68D3E131CF840058B60C56066C5A49C689350
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D04
        • memset.MSVCR100 ref: 10005D11
        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D26
        • memcpy.MSVCR100 ref: 10005D39
        Memory Dump Source
        • Source File: 00000002.00000002.4519547332.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
        • Associated: 00000002.00000002.4519508637.0000000010000000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519600414.0000000010012000.00000002.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519621290.0000000010016000.00000004.00001000.00020000.00000000.sdmp
        • Associated: 00000002.00000002.4519649784.0000000010017000.00000002.00001000.00020000.00000000.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
        Similarity
        • API ID: AllocVirtual$memcpymemset
        • String ID:
        • API String ID: 2542864682-0
        • Opcode ID: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction ID: 6bcba5018c64a0d7bfbc913bb0fcea2d94ca6ada7cb730a1c330f2ddd8763f2c
        • Opcode Fuzzy Hash: 5516dd6f088836fda85847d8cbe2f0127152e30b76e42496b20e263947f7c812
        • Instruction Fuzzy Hash: 9E1159B5200200AFE724CF59CD84F6BB3E9EF88751F25845AFA459B355D6B1EC81CB50
        Uniqueness

        Uniqueness Score: -1.00%